phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

Ganesha   21 November 2022   24.457 Views
Security Team ChaMd5 disclose a Local File Inclusion vulnerability in phpMyAdmin latest version 4.8.1. And the exploiting of this vulnerability may lead to Remote Code Execution. usr bin env python import re, requests, sys check python major version if sys.version info.major 3...

CVE-2022-3360 - Unauthenticated PHP Object Injection via REST API

Ganesha   21 November 2022   22.395 Views
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE . To successfully exploit this vulnerability attackers m...

Dynamic Content for Elementor < 1.9.6 - Authenticated RCE

Airlangga   10 February 2023   13.579 Views
The PHP Raw Widget dynamic.ooo widget php raw of the Dynamic Content for Elementor plugin before 1.9.6 did not properly check for user permissions, allowing accounts with a role as low as editor to perform RCE attacks. Proof of Concept POST wp admin admin ajax.php HTTP 1.1 Host exam...