Description
The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page.
Related
{"id": "WPEX-ID:A1CF08FE-943A-4F14-BEB0-25216011B538", "type": "wpexploit", "bulletinFamily": "exploit", "title": "Giveaway <= 1.2.2 - Authenticated SQL Injection", "description": "The plugin is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page.\n", "published": "2021-07-20T00:00:00", "modified": "2021-07-20T11:42:33", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "Mesut Cetin", "references": [], "cvelist": ["CVE-2021-24497"], "immutableFields": [], "lastseen": "2021-09-14T23:31:34", "viewCount": 117, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24497"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:A1CF08FE-943A-4F14-BEB0-25216011B538"]}], "rev": 4}, "score": {"value": 6.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-24497"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:A1CF08FE-943A-4F14-BEB0-25216011B538"]}]}, "exploitation": null, "vulnersScore": 6.3}, "sourceData": "1. Navigate in Wordpress panel to Settings -> Giveaway\r\n\r\n2. Intercept the request in Burp Suite\r\n\r\n3. Click on \"Select\" button at the very top\r\n\r\n4. payload: (select*from(select(sleep(10)))a)\r\n\r\n5. modify POST parameter \"options%5Bpost%5D\" with SQLi payload\r\n\r\n6. the page will sleep for 10 seconds", "generation": 0, "_state": {"dependencies": 1646296052}}
{"cve": [{"lastseen": "2022-03-23T14:55:50", "description": "The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-23T12:15:00", "type": "cve", "title": "CVE-2021-24497", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24497"], "modified": "2021-08-30T15:41:00", "cpe": ["cpe:/a:satollo:giveaway:1.2.2"], "id": "CVE-2021-24497", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24497", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:satollo:giveaway:1.2.2:*:*:*:*:wordpress:*:*"]}], "wpvulndb": [{"lastseen": "2021-09-14T23:31:34", "description": "The plugin is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page.\n\n### PoC\n\n1\\. Navigate in Wordpress panel to Settings -> Giveaway 2\\. Intercept the request in Burp Suite 3\\. 
Click on \"Select\" button at the very top 4\\. payload: (select*from(select(sleep(10)))a) 5\\. modify POST parameter \"options%5Bpost%5D\" with SQLi payload 6\\. the page will sleep for 10 seconds\n", "cvss3": {}, "published": "2021-07-20T00:00:00", "type": "wpvulndb", "title": "Giveaway <= 1.2.2 - Authenticated SQL Injection", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-24497"], "modified": "2021-07-20T11:42:33", "id": "WPVDB-ID:A1CF08FE-943A-4F14-BEB0-25216011B538", "href": "https://wpscan.com/vulnerability/a1cf08fe-943a-4f14-beb0-25216011b538", "sourceData": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "patchstack": [{"lastseen": "2022-06-01T19:31:26", "description": "Authenticated SQL Injection (SQLi) vulnerability discovered by Mesut Cetin in WordPress Giveaway plugin (versions <= 1.2.2).\n\n## Solution\n\n\r\n This plugin has been closed as of July 1, 2021 and is not available for download. This closure is temporary, pending a full review.\r\n ", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-20T00:00:00", "type": "patchstack", "title": "WordPress Giveaway plugin <= 1.2.2 - Authenticated SQL Injection (SQLi) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24497"], "modified": "2021-07-20T00:00:00", "id": "PATCHSTACK:A15362BD4139F4E1B859649BE116A7FD", "href": "https://patchstack.com/database/vulnerability/giveaway/wordpress-giveaway-plugin-1-2-2-authenticated-sql-injection-sqli-vulnerability", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}