(DMC.com.eg) Database Backup Disclosure _wysija-newsletters_

2020.05.23

Elsfa7-110 (EG)

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#################################################################################################

# Exploit Title : (DMC.com.eg) Database Backup Disclosure
# Author [ Discovered By ] : Elsfa7-110
# Date : 22/05/2020
# Vendor Homepage : mailpoet.com ~ wordpress.org/plugins/wysija-newsletters/
# Software Download Link : downloads.wordpress.org/plugin/wysija-newsletters.2.10.2.zip
# Tested On : Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

# Exploit : 

https://dmc.com.eg/wp-content/plugins/wysija-newsletters/sql/install.sql

https://dmc.com.eg/wp-content/plugins/wysija-newsletters/sql/uninstall.sql

############################################################################################

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

(DMC.com.eg) Database Backup Disclosure _wysija-newsletters_

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.