
GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections

Description

In the plugin, the AJAX action `gd_popular_location_list` did not properly sanitise or validate some of its POST parameters, which were then used in a SQL statement, leading to unauthenticated SQL injection issues. The prerequisite for exploiting this vulnerability is finding a page on the vulnerable site that uses the affected functionality. Even if the site uses the affected plugin, it has to include the file `/wp-content/plugins/geodir_location_manager/includes/widget-functions.php`, which includes that action in the site. That page creates a `_nonce` variable, which the script checks for validity. At the time of writing, I did not find a way to bypass that check.
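
As an added illustration (not the plugin's code and not the vendor's patch), the following sketches a handler for an unauthenticated AJAX action of this kind that validates the `_nonce` field and binds every POST value before it reaches SQL. The handler name, nonce action, POST keys, table and columns are hypothetical.

```php
<?php
// Added illustration only, not GeoDirectory Location Manager's code.
// Hypothetical names: example_popular_location_list(), the nonce action
// 'example_location_nonce', the POST keys 'type', 'search' and 'page', and
// the table {$wpdb->prefix}example_locations with its columns.

add_action( 'wp_ajax_gd_popular_location_list', 'example_popular_location_list' );
add_action( 'wp_ajax_nopriv_gd_popular_location_list', 'example_popular_location_list' );

function example_popular_location_list() {
    global $wpdb;

    // Reject requests that do not carry a valid nonce in the `_nonce` field.
    if ( ! check_ajax_referer( 'example_location_nonce', '_nonce', false ) ) {
        wp_send_json_error( 'invalid nonce', 403 );
    }

    // Identifiers (column names) cannot be bound as values, so map the
    // request value onto a fixed allowlist instead of interpolating it.
    $columns = array( 'city' => 'city', 'region' => 'region', 'country' => 'country' );
    $type    = isset( $_POST['type'] ) ? sanitize_key( wp_unslash( $_POST['type'] ) ) : 'city';
    $column  = isset( $columns[ $type ] ) ? $columns[ $type ] : 'city';

    // Numeric input is cast to a non-negative integer, then bound with %d.
    $per_page = 10;
    $page     = isset( $_POST['page'] ) ? max( 1, absint( $_POST['page'] ) ) : 1;
    $offset   = ( $page - 1 ) * $per_page;

    // Free text is bound with %s; esc_like() only neutralises LIKE wildcards.
    $search = isset( $_POST['search'] ) ? sanitize_text_field( wp_unslash( $_POST['search'] ) ) : '';
    $like   = '%' . $wpdb->esc_like( $search ) . '%';

    $sql = $wpdb->prepare(
        "SELECT {$column} AS name, COUNT(*) AS total
           FROM {$wpdb->prefix}example_locations
          WHERE {$column} LIKE %s
          GROUP BY {$column}
          ORDER BY total DESC
          LIMIT %d OFFSET %d",
        $like,
        $per_page,
        $offset
    );

    wp_send_json_success( $wpdb->get_results( $sql ) );
}
```

The nonce check only narrows who can reach the query; the injection itself is closed by the allowlist and the bound placeholders.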

