Vulnerabilities
Pie Register 2.0.13 Privilege escalation
Anyone can import CSV file. Pie Register will import users from this file.
17-01-2015
1 MIN READ
Vulnerabilities
Anyone can import CSV file. Pie Register will import users from this file.
1 MIN READ
Vulnerabilities
It's possible to inject specially crafted reflected XSS even if strip_tags and addslashes is used.
1 MIN READ
Vulnerabilities
Any registered user can upload any file.
1 MIN READ
Vulnerabilities
$_GET['mp3'] is not escaped.
1 MIN READ
Vulnerabilities
preg_match() only check if $_GET['code'] contains at least one letter or digit (missing ^ and $ inside regexp).
1 MIN READ
Vulnerabilities
Administrator privileges are NOT checked when we pass $_GET['wprss-bulk'].
1 MIN READ
Vulnerabilities
Slashes are removed from $_GET['condition'].
1 MIN READ
Vulnerabilities
$_GET['error_message'] is not escaped.
1 MIN READ