WordPress Plainview Activity Monitor 20161228 Remote Command Execution

Posted by deepcore on November 30, 2019 – 5:00 pm

WordPress Plainview Activity Monitor plugin is vulnerable to OS command injection which allows an attacker to remotely execute commands on the underlying system. Application passes unsafe user supplied data to ip parameter into activities_overview.php. Privileges are required in order to exploit this vulnerability. Vulnerable plugin version: 20161228 and possibly prior. Fixed plugin version: 20180826.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [dos] SpotAuditor 5.3.2 – 'Name' Denial of Service OwnCloud 8.1.8 Username Disclosure »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

WordPress Plainview Activity Monitor 20161228 Remote Command Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL