Source: wpvulndb (wpexploit)
WPEX-ID: 4A27D374-F690-4A8A-987A-9E0F56BBE143
History: Oct 16, 2021 - 12:00 a.m.

Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection

Published: 2021-10-16 00:00:00
Source: wpvulndb
48
Tags: speed booster pack, admin+, sql injection, fix, table conversion, innodb, exploit

EPSS: 0.001
Percentile: 37.7%

The plugin does not escape the sbp_convert_table_name parameter before using it in the SQL statement that converts the named table, leading to an SQL injection.

https://example.com/wp-admin/admin-ajax.php?action=sbp_database_action&sbp_action=convert_tables&sbp_convert_table_name=SQLi&nonce=b2d6208254

The nonce can be obtained by converting a table to InnoDB from the settings page (/wp-admin/admin.php?page=sbp-settings#tab=database-optimization) and capturing the request.
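As an added illustration (not Speed Booster Pack's code, and not the fix actually shipped in 4.3.3.1, which this entry does not show), a hardened handler for a convert-tables action: because a table name is an identifier, it cannot be bound through $wpdb->prepare(), so the request value is validated against the tables that really exist under the site's prefix before it reaches ALTER TABLE. The hook name, nonce action and manage_options capability are assumptions.

```php
<?php
// Added example (hypothetical handler, not Speed Booster Pack's code or its fix):
// a convert-tables AJAX action that validates the table name instead of
// interpolating the request parameter into SQL.

add_action( 'wp_ajax_sbp_example_convert_table', 'sbp_example_convert_table' );

function sbp_example_convert_table() {
    global $wpdb;

    // Only administrators may run this, and the request must carry a valid nonce
    // (the nonce action name is an assumption of this example).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'sbp_example_convert', 'nonce' );

    $requested = isset( $_GET['sbp_convert_table_name'] )
        ? sanitize_text_field( wp_unslash( $_GET['sbp_convert_table_name'] ) )
        : '';

    // The unsafe pattern this entry describes is "ALTER TABLE $requested ENGINE=InnoDB".
    // A table name is an identifier, so $wpdb->prepare() placeholders cannot bind it;
    // the defence is an allowlist: only a table that exists with this site's prefix.
    $existing = $wpdb->get_col(
        $wpdb->prepare( 'SHOW TABLES LIKE %s', $wpdb->esc_like( $wpdb->prefix ) . '%' )
    );
    if ( ! in_array( $requested, $existing, true ) ) {
        wp_send_json_error( 'unknown table', 400 );
    }

    // The identifier now matches the database's own table list; backticks are a
    // second layer so that even a legitimately odd table name cannot break the statement.
    $table = '`' . str_replace( '`', '``', $requested ) . '`';
    $ok    = $wpdb->query( "ALTER TABLE {$table} ENGINE=InnoDB" );

    if ( false === $ok ) {
        wp_send_json_error( $wpdb->last_error, 500 );
    }
    wp_send_json_success( array( 'table' => $requested ) );
}
```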
