Newsletter by Supsystic <= 1.5.6 - Authenticated SQL Injection
Published: 2021-02-08T00:00:00
ID: WPVDB-ID:559EA8CD-B4F5-4332-B581-9162E9CCA5FF
Type: wpvulndb
Reporter: wpvulndb
Modified: 2021-02-10T06:00:42
Description
The GET parameter "sidx" is used in a SQL statement without being sanitised when searching for subscribers in the dashboard, leading to an authenticated SQL Injection issue.
PoC
The PoC will be displayed once the issue has been remediated
{"id": "WPVDB-ID:559EA8CD-B4F5-4332-B581-9162E9CCA5FF", "type": "wpvulndb", "bulletinFamily": "software", "title": "Newsletter by Supsystic <= 1.5.6 - Authenticated SQL Injection", "description": "The GET parameter \"sidx\" is used in a SQL statement without being sanitised when searching for subscribers in the dashboard, leading to an authenticated SQL Injection issue.\n\n### PoC\n\nThe PoC will be displayed once the issue has been remediated\n", "published": "2021-02-08T00:00:00", "modified": "2021-02-10T06:00:42", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://wpscan.com/vulnerability/559ea8cd-b4f5-4332-b581-9162e9cca5ff", "reporter": "wpvulndb", "references": ["https://vulners.com/exploitdb/EDB-ID:49539"], "cvelist": [], "lastseen": "2021-02-15T22:18:34", "viewCount": 13, "enchantments": {"dependencies": {"references": [], "modified": "2021-02-15T22:18:34", "rev": 2}, "score": {"value": 2.7, "vector": "NONE", "modified": "2021-02-15T22:18:34", "rev": 2}, "vulnersScore": 2.7}, "affectedSoftware": [{"version": "*", "operator": "eq", "name": "newsletter-by-supsystic"}], "exploit": "The PoC will be displayed once the issue has been remediated", "sourceData": "", "generation": 1, "immutableFields": []}