KBA@SOGETI_ESEC

2 exploits Active since Dec 2019

CVE-2019-20361 EXPLOITDB CRITICAL bash WORKING POC

Icegram Email Subscribers & Newsletters < 4.3.1 - SQL Injection

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).

CVSS 9.8

View Code

CVE-2019-19985 EXPLOITDB MEDIUM text WORKING POC

Icegram Email Subscribers & Newsletters - Missing Authorization

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.

CVSS 5.3

View Code