Created
August 31, 2018 11:24
-
-
Save namishelex01/d8abad412b5ee8a4dd2bc8060748aed5 to your computer and use it in GitHub Desktop.
I'm listing top vulnerabilities of most used CMS frameworks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| > WordPress Plugin Quizlord 2.0 - XSS | |
| > WordPress Plugin Jibu Pro 1.7 - XSS | |
| > phpMyAdmin 4.7.x - XSRF | |
| > WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection | |
| > Responsive FileManager < 9.13.4 - Directory Traversal | |
| > LiteCart 2.1.2 - Arbitrary File Upload | |
| > Gleez CMS 1.2.0 - XSRF (Add Admin) | |
| > WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQLi | |
| > UltimatePOS 2.5 - RCE | |
| > Twitter-Clone 1 - 'code' SQLi | |
| > KingMedia 4.1 - RCE | |
| > Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection | |
| > Twitter-Clone 1 - XSRF (Delete Post) | |
| > Twitter-Clone 1 - 'userid' SQLi | |
| > Countly - Persistent XSS | |
| > Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize RCE | |
| > WordPress Plugin Tagregator 0.6 - XSS | |
| > MyBB Moderator Log Notes Plugin 1.1 - XSRF | |
| > WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQLi | |
| > Pimcore 5.2.3 - SQLi / XSS / XSRF | |
| > WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection | |
| > MyBB Like Plugin 3.0.0 - XSS | |
| > MyBB Thank You/Like Plugin 3.0.0 - XSS | |
| > Zimbra 8.6.0_GA_1153 - XSS | |
| > Monstra-Dev 3.0.4 - XSRF (Account Hijacking) | |
| > OpenEMR < 5.0.1 - RCE | |
| > Monstra 3.0.4 - XSS | |
| > CMS ISWEB 3.5.3 - Directory Traversal | |
| > onArcade 2.4.2 - XSRF (Add Admin) | |
| > Subrion CMS 4.2.1 - XSS | |
| > PHP Template Store Script 3.0.6 - XSS | |
| > CoSoSys Endpoint Protector 4.5.0.1 - Authenticated Remote Root Command Injection | |
| > PageResponse FB Inboxer Add-on 1.2 - 'search_field' SQLi | |
| > TI Online Examination System v2 - Arbitrary File Download | |
| > WityCMS 0.6.2 - XSRF (Password Change) | |
| > WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit) | |
| > SoftNAS Cloud < 4.0.3 - OS Command Injection | |
| > Micro Focus Secure Messaging Gateway (SMG) < 471 - RCE (Metasploit) | |
| > Kirby CMS 2.5.12 - XSS | |
| > MSVOD 10 - 'cid' SQLi | |
| > MyBB New Threads Plugin 1.1 - XSS | |
| > WordPress Plugin All In One Favicon 4.6 - (Authenticated) XSS | |
| > Modx Revolution < 2.6.4 - RCE | |
| > FTP2FTP 1.0 - Arbitrary File Download | |
| > Smart SMS & Email Manager 3.3 - 'contact_type_id' SQLi | |
| > PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation | |
| > PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation | |
| > WordPress Plugin Job Manager 4.1.0 - XSS | |
| > phpMyAdmin - (Authenticated) RCE (Metasploit) | |
| > Zeta Producer Desktop CMS 14.2.0 - RCE / Local File Disclosure |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment