cleantalk
Vulnerabilities and Security Researches

EZ SQL Reports Shortcode Widget and DB Backup, 01aaecbc-6aae-4a33-ac00-1b14b34f4c71

CVE, Research URL

01aaecbc-6aae-4a33-ac00-1b14b34f4c71

Home page URL

Security reports for EZ SQL Reports Shortcode Widget and DB Backup

Application

EZ SQL Reports Shortcode Widget and DB Backup

Published on
-
Research Description
EZ SQL Reports Shortcode Widget and DB Backup [elisqlreports] < 4.11.37 EZ SQL Reports &lt;= 4.11.33 - Authenticated Arbitrary Code Execution There are several calls to &quot;passtthru&quot; in the code, one of them is receiving the username, password, database name and host from the $_POST arguments, so you can inject in every of this parameter the &quot;;&quot; character or others like &quot;&amp;&amp;&quot; or &quot;||&quot; to execute other distinct commands to &quot;/usr/bin/mysql&quot;.
Affected versions
Min -, max 4.11.37.
Status
vulnerable
Previous vulnerability researches
EZ SQL Reports Shortcode Widget and DB Backup (CVE-2025-30788) , Apr 02, 2025
EZ SQL Reports Shortcode Widget and DB Backup (CVE-2025-30787) , Apr 02, 2025
EZ SQL Reports Shortcode Widget and DB Backup (CVE-2025-26887) , Feb 25, 2025
EZ SQL Reports Shortcode Widget and DB Backup (01aaecbc-6aae-4a33-ac00-1b14b34f4c71) , Jun 07, 2024
EZ SQL Reports Shortcode Widget and DB Backup (CVE-2025-2319) , Mar 26, 2025
New vulnerability
Address Autocomplete via Google for Gravity Forms (CVE-2025-53263) , Jul 03, 2025
Spoki &#8211; Chat Buttons and WooCommerce Notifications (CVE-2025-50026) , Jul 03, 2025
Amazon Products to WooCommerce (CVE-2025-5813) , Jul 03, 2025
Breeze &#8211; WordPress Cache Plugin (CVE-2025-23999) , Jul 03, 2025
Twitch TV Embed Suite (CVE-2025-53313) , Jul 03, 2025