CVE-2024-43917

This repository contains a functional Python script that demonstrates an SQL injection vulnerability in the TI WooCommerce Wishlist plugin for WordPress. The exploit targets unauthenticated SQLi via the 'order' parameter in the plugin's API endpoint, allowing arbitrary SQL command execution.

The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and functional code.

This repository contains a functional Python script that exploits CVE-2024-43917, an SQL injection vulnerability in the TI WooCommerce Wishlist WordPress plugin. The exploit sends crafted HTTP requests to inject SQL commands via the 'order' parameter in the wishlist API endpoint.

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the TI WooCommerce Wishlist plugin (CVE-2024-43917) by retrieving a share key via bruteforce and then performing time-based blind SQL injection to extract user credentials.