7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.012 Low
EPSS
Percentile
85.2%
The WordPress plugin
# Copyright (C) 2020 Greenbone Networks GmbH
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.112702");
script_version("2023-01-17T10:10:58+0000");
script_tag(name:"last_modification", value:"2023-01-17 10:10:58 +0000 (Tue, 17 Jan 2023)");
script_tag(name:"creation_date", value:"2020-02-25 10:09:00 +0000 (Tue, 25 Feb 2020)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-02-19 20:17:00 +0000 (Wed, 19 Feb 2020)");
script_cve_id("CVE-2020-9006");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("WordPress Popup Builder Plugin 2.2.8 < 3.0 SQL Injection Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone Networks GmbH");
script_family("Web application abuses");
script_dependencies("gb_wordpress_plugin_http_detect.nasl");
script_mandatory_keys("wordpress/plugin/popup-builder/detected");
script_tag(name:"summary", value:"The WordPress plugin 'Popup Builder' is prone to an SQL injection
vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The plugin is vulnerable to SQL injection via PHP deserialization
on attacker-controlled data with the attachmentUrl POST variable. This allows the creation of an
arbitrary WordPress Administrator account, leading to possible remote code execution because
administrators can run PHP code on WordPress instances.");
script_tag(name:"impact", value:"Successful exploitation of this vulnerability would allow a remote
attacker to execute arbitrary SQL commands on the affected system.");
script_tag(name:"affected", value:"WordPress Popup Builder plugin 2.2.8 through 2.6.7.6.");
script_tag(name:"solution", value:"Update to version 3.0 or later.");
script_xref(name:"URL", value:"https://wordpress.org/plugins/popup-builder/#developers");
script_xref(name:"URL", value:"https://wpvulndb.com/vulnerabilities/10073");
exit(0);
}
CPE = "cpe:/a:sygnoos:popup_builder";
include("host_details.inc");
include("version_func.inc");
if( ! port = get_app_port( cpe: CPE ) )
exit( 0 );
if( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )
exit( 0 );
version = infos["version"];
location = infos["location"];
if( version_in_range( version: version, test_version: "2.2.8", test_version2: "2.6.7.6" ) ) {
report = report_fixed_ver( installed_version: version, fixed_version: "3.0", install_path: location );
security_message( port: port, data: report );
exit( 0 );
}
exit( 99 );
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.012 Low
EPSS
Percentile
85.2%