CVE-2024-2876

The repository contains functional exploit code for multiple CVEs, including CVE-2026-22812, which demonstrates remote command execution (RCE) via session manipulation and command injection. The code is well-structured, includes proper error handling, and is designed for both single and batch target testing.

This repository contains a README describing a SQL injection vulnerability (CVE-2024-2876) in Icegram Express. No actual exploit code is provided, only a legal disclaimer and brief description.

The repository provides a functional proof-of-concept for CVE-2024-2876, a SQL injection vulnerability in the 'Email Subscribers by Icegram Express' WordPress plugin. The exploit leverages unsanitized input in the `IG_ES_Subscribers_Query` class to execute arbitrary SQL queries.

This repository contains a proof-of-concept for CVE-2024-2876, an unauthenticated SQL Injection vulnerability in the Email Subscribers by Icegram Express WordPress plugin. The PoC demonstrates how an attacker can inject malicious SQL queries via the 'advanced_filter' parameter to extract sensitive database information.

This PoC exploits a time-based SQL injection vulnerability in the Email Subscribers plugin for WordPress. It checks for vulnerable versions (<5.7.15) and confirms exploitation via a sleep-based payload.

The repository contains a functional SQL injection exploit for CVE-2024-2876, targeting the 'Email Subscribers by Icegram Express' WordPress plugin. The exploit leverages a time-based SQLi via the `advanced_filter` parameter in a POST request to `/wp-admin/admin-post.php`.

The repository provides functional SQL injection PoCs for CVE-2024-2876 and CVE-2024-3495, targeting WordPress plugins 'Email Subscribers by Icegram Express' and 'Country State City Dropdown CF7' respectively. The PoCs include crafted HTTP requests demonstrating time-based and union-based SQLi techniques.

The repository contains a functional SQL injection exploit for CVE-2024-2876, targeting the Email Subscribers by Icegram Express WordPress plugin. The exploit uses a time-based SQLi payload to verify vulnerability via a crafted POST request to /wp-admin/admin-post.php.