Source: wpexploit
WPEX-ID: 6F3F460B-542A-4D32-8FEB-AFA1AEF57E37
History: Apr 24, 2023 - 12:00 a.m.

HTTP Headers < 1.18.8 - Admin+ SQL Injection

2023-04-24 00:00:00
qerogram (at Kakao Style Corp.)
Tags: http headers, sql injection, admin user, wordpress, site title

EPSS: 0.001 (Low), Percentile: 39.5%

The plugin's settings import feature executes the contents of the uploaded file as arbitrary SQL on the server, leading to an SQL injection vulnerability reachable by Admin+ users.

1. Create an SQL file with the following contents:

UPDATE wp_options SET option_value = "Hacked" WHERE option_name = "blogname"

2. As an admin user within WP Admin, navigate to Settings > HTTP Headers > Advanced settings.
3. In the "Import" section, click on "Choose file..." and select the SQL file created above.
4. Click "Import settings".
5. Navigate to "Settings" in the sidebar and notice that the "Site Title" has been changed to "Hacked".
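As an added defensive example (not the plugin's own code; the option name, the key allow-list and the handler names are assumptions), the vulnerable pattern the advisory describes is shown beside a hardened settings import that treats the upload as data and writes only through update_option():

```php
<?php
// Added example, not the HTTP Headers plugin's code. The option name, the
// allow-list of keys and the handler names are assumptions for illustration.

const HH_OPTION       = 'hh_settings';
const HH_ALLOWED_KEYS = array('x_frame_options', 'x_content_type_options', 'strict_transport_security');

// Vulnerable pattern (the flaw class in the advisory): the uploaded file is
// handed to the database as a query, so any statement it contains runs.
function hh_import_unsafe() {
    global $wpdb;
    $sql = file_get_contents($_FILES['import']['tmp_name']);
    $wpdb->query($sql); // arbitrary SQL, e.g. rewriting wp_options
}

// Hardened: the upload is data, never a query. Decode it, keep only known keys
// with string values, and persist through update_option(), which builds its
// own prepared statement.
function hh_sanitize_import(string $raw): array {
    $data = json_decode($raw, true);
    if (!is_array($data)) {
        return array(); // malformed or non-object input imports nothing
    }
    $clean = array();
    foreach ($data as $key => $value) {
        if (!in_array($key, HH_ALLOWED_KEYS, true) || !is_string($value)) {
            continue; // unknown keys and non-scalar values are dropped
        }
        $clean[$key] = sanitize_text_field($value);
    }
    return $clean;
}

function hh_import_safe() {
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.');
    }
    check_admin_referer('hh_import'); // rejects requests without a valid nonce
    if (empty($_FILES['import']['tmp_name']) || !is_uploaded_file($_FILES['import']['tmp_name'])) {
        wp_die('No file uploaded.');
    }
    $raw   = (string) file_get_contents($_FILES['import']['tmp_name']);
    $clean = hh_sanitize_import($raw);
    update_option(HH_OPTION, $clean); // the only database write
}
add_action('admin_post_hh_import', 'hh_import_safe');
```

The fix is structural: once the import is parsed into known keys and the persistence layer never receives file contents as a statement, an SQL file like the one in step 1 simply fails JSON decoding and imports nothing.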

