CF7 Plugin For WordPress Unauthenticated SQL Injection Exploit - System32

svg

svg

svg

Now Reading: CF7 Plugin For WordPress Unauthenticated SQL Injection Exploit

Loading

Loading

CF7 Plugin For WordPress Unauthenticated SQL Injection Exploit

Exploits And POCs

May 24, 2024 / Prapattimynk

CF7 Plugin For WordPress Unauthenticated SQL Injection Exploit

32

Share

Ads

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and ‘sid’ parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2024-3495 Country State City Dropdown CF7 <= 2.7.2 – Unauthenticated SQL Injection

Upvote0PointsDownvote

0 People voted this article. 0 Upvotes - 0 Downvotes.

Prev Post

Confluence Data Center and Server RCE CVE-2024-21683 Exploit

Next Post

Conti Ransomware Builder

What do you think?

It is nice to know your opinion. Leave a comment.

Leave a reply Cancel reply

Subscribe & Follow

Popular Posts

01

Craxs Rat V6.7 Working Free Download

September 14, 2023

02

FHR Electric Data Leak

July 8, 2023

03

Postfix SMTP Smuggling CVE-2023-51764 Exploit

December 27, 2023

04

WSPCoerce - PoC to coerce authentication from Windows hosts using MS-WSP

July 28, 2023

05

CVE-2023-20110 Exploit | Cisco Smart Software Manager On-Prem SQL Injection

July 16, 2023

Categories

Cyber sec44
Database122
Exploits And POCs199
Malicious Scripts137
Tools137
Malwares50
Softwares35

Loading

svg

Quick Navigation

1
CF7 Plugin For WordPress Unauthenticated SQL Injection Exploit