Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on the functionality available on the plugin’s “Utilities” page, leading to unauthorized access for all user roles, including “Subscriber”.
Transposh WordPress Translation versions 1.0.8.1 and below have a “tp_editor” page at “/wp-admin/admin.php?page=tp_editor” that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters “order” and “orderby” is processed by the web application.
Transposh WordPress Translation versions 1.0.8.1 and below have a “save_transposh” action available at “/wp-admin/admin.php?page=tp_advanced” that does not properly validate the “Log file name”, allowing an attacker with the “Administrator” role to specify a .php file as the log destination. Since the log file is stored directly within the “/wp-admin” directory, executing arbitrary PHP code is […]
http://www.pasanghospital.go.th/404.php notified by 0x1998
Tags: defacement
http://www.tago.go.th/tago/gallery/hai.html notified by ./Niz4r
Tags: defacement
http://www.arpon.go.th/arpon/mainfile/hai.html notified by ./Niz4r
Tags: defacement
http://www.krabuang.go.th/krabuang/file_editor/hai.html notified by ./Niz4r
Tags: defacement
http://srinarong.go.th/srinarong/mainfile/hai.html notified by ./Niz4r
Tags: defacement
http://nanuan.go.th/nanuan/module_eservice1/ notified by ./Niz4r
Tags: defacement