Hanley Shun - Security Researcher - Exploit Intelligence Platform

CVE-2017-6097 EXPLOITDB HIGH text WORKING POC

Mail Masta 1.0 - Authenticated SQL Injection via camp_id Parameter

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.

CVSS 7.2

View Code

CVE-2017-6096 EXPLOITDB HIGH text WORKING POC

Mail Masta 1.0 - Authenticated SQL Injection via Filter List Parameter

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list.

CVSS 7.2

View Code

CVE-2017-6095 EXPLOITDB CRITICAL text WORKING POC

Mail Masta 1.0 - Unauthenticated SQL Injection via list_id Parameter

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.

CVSS 9.8

View Code

CVE-2017-6098 EXPLOITDB HIGH text WORKING POC

Mail Masta 1.0 - Authenticated SQL Injection via list_id Parameter

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.

CVSS 7.2

View Code