Dokan Pro Unauthenticated SQL Injection POC | CVSS 10
by Loki - Monday July 8, 2024 at 02:16 PM
#41
(07-08-2024, 02:16 PM)Loki Wrote:
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

POC:


Omnicer
ty my frind, love it
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Google Dorks for finding SQL injection vulnerabilities and other security issues 1yush 65 2,462 07-02-2026, 02:50 AM
Last Post: NyxeraVX
  new wordpress website takeover vuln (video + poc ) zinzeur 312 27,280 03-28-2026, 02:43 AM
Last Post: toshi99
  [POC] Google OAuth "MultiLogin" endpoint 0-day Farfallaiero 106 13,203 02-10-2026, 03:34 PM
Last Post: birhikayemvar
  Cool Remote Patching ETW/Amsi PoC pepeloco 6 2,094 02-08-2026, 07:58 AM
Last Post: zeroday99
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 76 02-07-2026, 03:32 PM
Last Post: cysc



 Users browsing this thread: 1 Guest(s)