wpvulndb | Ryan Dewhurst | WPVDB-ID:1A9EF922-81D7-4CAA-AB9D-04F21E8B68F1
History: Aug 26, 2018 - 12:00 a.m.

Gift Voucher <= 4.1.1 - Unauthenticated Blind SQL Injection

2018-08-26 00:00:00
Ryan Dewhurst
wpscan.com
6

EPSS: 0.01 Low
Percentile: 84.0%

The wpgv_doajax_front_template AJAX action (available to both authenticated and unauthenticated users, defined in front.php) does not sanitise, validate or escape the template_id parameter before using it in a SQL statement, leading to a SQL Injection issue. This has been present since at least 1.0.5. v4.1.0 tried to sanitise user input with sanitize_text_field(), which is not sufficient.
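Why sanitize_text_field() does not close this class of bug, and what does, as an added example that is not the Gift Voucher plugin's code. The action name, function names, table and columns are hypothetical, and template_id is assumed to be a positive integer row ID.

```php
<?php
// Added example with hypothetical names; not taken from the plugin.
// Registered for logged-in and anonymous visitors, like the action in the advisory.
add_action( 'wp_ajax_example_front_template', 'example_front_template_handler' );
add_action( 'wp_ajax_nopriv_example_front_template', 'example_front_template_handler' );

// Insufficient pattern (never registered here, shown for comparison only):
// sanitize_text_field() strips tags, line breaks and extra whitespace, but it
// neither escapes SQL syntax nor forces an integer, so concatenating its result
// into the statement still leaves the query injectable.
function example_lookup_weak( $wpdb ) {
    $id = sanitize_text_field( wp_unslash( $_REQUEST['template_id'] ?? '' ) );
    return $wpdb->get_row(
        "SELECT id, title FROM {$wpdb->prefix}example_templates WHERE id = $id"
    );
}

// Hardened handler: validate the type first, then bind the value.
function example_front_template_handler() {
    global $wpdb;

    // Accept only a positive integer; arrays and non-numeric strings yield false.
    $raw = wp_unslash( $_REQUEST['template_id'] ?? '' );
    $id  = filter_var(
        $raw,
        FILTER_VALIDATE_INT,
        array( 'options' => array( 'min_range' => 1 ) )
    );
    if ( false === $id ) {
        wp_send_json_error( array( 'message' => 'Invalid template_id' ), 400 );
    }

    // %d makes prepare() cast the value to an integer before it reaches the SQL text.
    $row = $wpdb->get_row(
        $wpdb->prepare(
            "SELECT id, title FROM {$wpdb->prefix}example_templates WHERE id = %d",
            $id
        )
    );
    if ( null === $row ) {
        wp_send_json_error( array( 'message' => 'Template not found' ), 404 );
    }
    wp_send_json_success( $row );
}
```

Because the action is reachable without authentication, the integer check and the prepared statement are the only controls between the request and the database, so both belong in the handler itself.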

PoC

The PoC will be displayed once the issue has been remediated

CPE
Name            Operator    Version
gift-voucher    eq          *
