Elementor website builder SQL injection vulnerability through admin+ sectio
Reporter | Title | Published | Views | Family All 11 |
---|---|---|---|---|
![]() | CVE-2023-0329 Elementor Website Builder < 3.12.2 - Admin+ SQLi | 30 May 202307:49 | – | cvelist |
![]() | CVE-2023-0329 | 30 May 202308:15 | – | nvd |
![]() | WordPress Elementor Website Builder Plugin <= 3.12.1 is vulnerable to SQL Injection | 24 Apr 202300:00 | – | patchstack |
![]() | Sql injection | 30 May 202308:15 | – | prion |
![]() | Elementor Website Builder < 3.12.2 - Admin+ SQLi | 2 Apr 202400:00 | – | exploitdb |
![]() | Elementor Website Builder < 3.12.2 SQL injection Exploit | 14 Nov 202300:00 | – | zdt |
![]() | Elementor Website Builder SQL Injection | 13 Nov 202300:00 | – | packetstorm |
![]() | Elementor Website Builder SQL Injection | 2 Apr 202400:00 | – | packetstorm |
![]() | CVE-2023-0329 | 30 May 202308:15 | – | cve |
![]() | Elementor Website Builder < 3.12.2 - Admin+ SQLi | 2 May 202300:00 | – | wpvulndb |
1. Go to Elementor > Tools > Replace URL
2. Fill the first field with `http://localhost:8000/`
3. Fill the second field with `http://localhost:8000/?test'),meta_key='key4'where+meta_id=SLEEP(2);#`
4. Note the additional time taken by the request, demonstrating the SQL injection vulnerability.
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo