|
7111 | 7111 | "autofilter_ports": [], |
7112 | 7112 | "autofilter_services": [], |
7113 | 7113 | "targets": null, |
7114 | | - "mod_time": "2024-05-02 13:57:13 +0000", |
| 7114 | + "mod_time": "2025-05-28 09:23:36 +0000", |
7115 | 7115 | "path": "/modules/auxiliary/admin/ldap/vmware_vcenter_vmdir_auth_bypass.rb", |
7116 | 7116 | "is_install_path": true, |
7117 | 7117 | "ref_name": "admin/ldap/vmware_vcenter_vmdir_auth_bypass", |
|
26793 | 26793 | "needs_cleanup": false, |
26794 | 26794 | "actions": [] |
26795 | 26795 | }, |
| 26796 | + "auxiliary_gather/wp_depicter_sqli_cve_2025_2011": { |
| 26797 | + "name": "WordPress Depicter Plugin SQL Injection (CVE-2025-2011)", |
| 26798 | + "fullname": "auxiliary/gather/wp_depicter_sqli_cve_2025_2011", |
| 26799 | + "aliases": [], |
| 26800 | + "rank": 300, |
| 26801 | + "disclosure_date": "2025-05-08", |
| 26802 | + "type": "auxiliary", |
| 26803 | + "author": [ |
| 26804 | + "Muhamad Visat", |
| 26805 | + "Valentin Lobstein" |
| 26806 | + ], |
| 26807 | + "description": "The Slider & Popup Builder by Depicter plugin for WordPress <= 3.6.1\n is vulnerable to unauthenticated SQL injection via the 's' parameter\n in admin-ajax.php.", |
| 26808 | + "references": [ |
| 26809 | + "CVE-2025-2011", |
| 26810 | + "WPVDB-6f894272-3eb6-4595-ae00-1c4b0c0b6564", |
| 26811 | + "URL-https://cloud.projectdiscovery.io/library/CVE-2025-2011", |
| 26812 | + "URL-https://plugins.trac.wordpress.org/browser/depicter/trunk/app/src/Controllers/Ajax/LeadsAjaxController.php?rev=3156664#L179" |
| 26813 | + ], |
| 26814 | + "platform": "", |
| 26815 | + "arch": "", |
| 26816 | + "rport": 80, |
| 26817 | + "autofilter_ports": [ |
| 26818 | + 80, |
| 26819 | + 8080, |
| 26820 | + 443, |
| 26821 | + 8000, |
| 26822 | + 8888, |
| 26823 | + 8880, |
| 26824 | + 8008, |
| 26825 | + 3000, |
| 26826 | + 8443 |
| 26827 | + ], |
| 26828 | + "autofilter_services": [ |
| 26829 | + "http", |
| 26830 | + "https" |
| 26831 | + ], |
| 26832 | + "targets": null, |
| 26833 | + "mod_time": "2025-05-28 18:01:32 +0000", |
| 26834 | + "path": "/modules/auxiliary/gather/wp_depicter_sqli_cve_2025_2011.rb", |
| 26835 | + "is_install_path": true, |
| 26836 | + "ref_name": "gather/wp_depicter_sqli_cve_2025_2011", |
| 26837 | + "check": true, |
| 26838 | + "post_auth": false, |
| 26839 | + "default_credential": false, |
| 26840 | + "notes": { |
| 26841 | + "Stability": [ |
| 26842 | + "crash-safe" |
| 26843 | + ], |
| 26844 | + "SideEffects": [ |
| 26845 | + "ioc-in-logs" |
| 26846 | + ], |
| 26847 | + "Reliability": [] |
| 26848 | + }, |
| 26849 | + "session_types": false, |
| 26850 | + "needs_cleanup": false, |
| 26851 | + "actions": [ |
| 26852 | + { |
| 26853 | + "name": "SQLi", |
| 26854 | + "description": "Perform SQL Injection via admin-ajax.php?s=" |
| 26855 | + } |
| 26856 | + ] |
| 26857 | + }, |
26796 | 26858 | "auxiliary_gather/wp_ultimate_csv_importer_user_extract": { |
26797 | 26859 | "name": "WordPress Ultimate CSV Importer User Table Extract", |
26798 | 26860 | "fullname": "auxiliary/gather/wp_ultimate_csv_importer_user_extract", |
|
0 commit comments