Full Disclosure mailing list archives

Re: WordPress Plugin Contact Form Builder [CSRF → LFI]

From: Henri Salo <henri () nerv fi>
Date: Sat, 27 Apr 2019 00:43:38 +0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sat, Apr 20, 2019 at 07:22:25AM +0300, Panagiotis Vagenas wrote:

# Exploit Title: Contact Form Builder [CSRF → LFI]
# Date: 2019-03-17
# Exploit Author: Panagiotis Vagenas
# Vendor Homepage: http://web-dorado.com/
# Software Link: https://wordpress.org/plugins/contact-form-builder
# Version: 1.0.67
# Tested on: WordPress 5.1.1


MITRE assigned CVE-2019-11557 for this vulnerability.

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE/aVSDznAZReWTkxKJ633pE6qdXQFAlzDe4kACgkQJ633pE6q
dXRxjg//V58vQe1Qy9ziON4Z3fPFeN+i/GT2qBh1e3HLcfEzwblGmTPHMF1yIU1/
bLrvA+s1DcWVz060S0Mlf9F2pFH2OFiAgttcl6zNsQQjU3SihXmA5FlCPUJrhOXP
1rMAf4zV7nUFpNnERe9ucx+RP3/F3yH8ncnSLzXPciL+z/Ro66hEUkyCoDhIL52m
UH7no3XMFPXtg514Fk5o9THmGCVRApp+JTMfdi/eFQlFNYUDOsmX8KD8PoaYTAT6
sKpzfJ/wVc5PKEsXbi5O/k5S08R8OoKlGQ+hzQFU35Eoprpdn0H+IZtC6Ft6wQyQ
b5CfU/7D6F2pDBvl2GUZPHBg1iwLOiBLIJl+YHBoFMOI+wiJeonwJ7JEml/uhv3O
7parMoY8GWgqNUl1L23fiMXzllhMWbbTV0Gin14EKsFC/dOPmlHRmrnRkZO0EeWm
6XpaZbnyTKVzLDF7JnnkB0uBXxL83ARem/tP0Gdt/zQsvzEtkC6mRnpelY2O/2fy
9ylqYenDzLHJ6+EM2PVGGQJjuyuPAsgrrcmkj7td09nF45J6aGcFOr7GcdyXeTXI
n0mNtl0fjjjAi6HZg4MM3gHZ7sbWESNq92ePxNwj7KhVWyTSb67nbkObs2g59B09
bK56Pf4h3nVupTdCvFXlerADSFhsQrQxR1Q8zWPjjgaW+4b03Jc=
=00mC
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

WordPress Plugin Contact Form Builder [CSRF → LFI] Panagiotis Vagenas (Apr 23)
- Re: WordPress Plugin Contact Form Builder [CSRF → LFI] Henri Salo (Apr 30)