Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2016-1209

Published: 14/05/2016 Updated: 23/06/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 756
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Ninjaforms

Vulnerability Summary

The Ninja Forms plugin prior to 2.9.42.1 for WordPress allows remote malicious users to conduct PHP object injection attacks via crafted serialized values in a POST request.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ninjaforms ninja forms

Exploits

Exploit DB: WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - File Upload (Metasploit)
## # This module requires Metasploit: wwwmetasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule &lt; Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FileDropper include Msf::Exploit::Remote::HTTP::Wordpress def initialize(info = {}) ...

Github Repositories

https://github.com/LeBlogDuHacker/vulnlab

Lab vulnérble WP + Ninja forms CVE 2016-1209 (à ne pas mettre en production)

vulnlab Lab vulnérble WP + Ninja forms CVE 2016-1209 (à ne pas mettre en production)

https://github.com/Karma47/Cybersecurity_base_project_2

Metasploitable 3 and Snort rules

Please GO THROUGH THE PDF FILE Cybersecurity_base_project_2 Metasploitable 3 and Snort rules Cyber security base – Project 2 Target – Metasploitable 3 Windows Server 2008 &amp; Ubuntu server 14 STEP 1: Run an Nmap Ping sweep scan to look for potential connected devices $ nmap -sP 19216811/24 STEP 2: Identify Target Host – 192168140 STEP 3: Run an nma

References

CWE-20http://www.pritect.net/blog/ninja-forms-2-9-42-critical-security-vulnerabilitieshttps://ninjaforms.com/important-security-update-always-hurt-ones-love/http://jvndb.jvn.jp/jvndb/JVNDB-2016-000064https://wordpress.org/plugins/ninja-forms/changelog/http://jvn.jp/en/jp/JVN44657371/index.htmlhttps://wpvulndb.com/vulnerabilities/8485http://www.rapid7.com/db/modules/exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_uploadhttp://packetstormsecurity.com/files/137211/WordPress-Ninja-Forms-Unauthenticated-File-Upload.htmlhttps://nvd.nist.govhttps://github.com/LeBlogDuHacker/vulnlabhttps://www.exploit-db.com/exploits/41692/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook