WordPress Plugin Vulnerabilities
HTTP Headers < 1.18.8 - Admin+ SQL Injection
Description
This plugin has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.
Proof of Concept
1. Create an SQL file with the following contents: UPDATE wp_options SET option_value = "Hacked" WHERE option_name = "blogname" 2. As an admin user within WP Admin, navigate to Settings > HTTP Headers > Advanced settings. 3. In the "Import" section, click on "Choose file..." and select the SQL file created above. 4. Click "Import settings". 5. Navigate to "Settings" in the sidebar and notice that the "Site Title" has been changed to "Hacked".
Affects Plugins
References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
qerogram(at Kakao Style Corp.)
Submitter
qerogram(at Kakao Style Corp.)
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-04-24 (about 1 years ago)
Added
2023-04-24 (about 1 years ago)
Last Updated
2023-04-25 (about 1 years ago)