HTTP Headers < 1.18.8 – Admin+ SQL Injection | CVE 2023-1207 | Plugin Vulnerabilities

Description

This plugin has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.

Proof of Concept

1. Create an SQL file with the following contents:

UPDATE wp_options SET option_value = "Hacked" WHERE option_name = "blogname"

2. As an admin user within WP Admin, navigate to Settings > HTTP Headers > Advanced settings.
3. In the "Import" section, click on "Choose file..." and select the SQL file created above.
4. Click "Import settings".
5. Navigate to "Settings" in the sidebar and notice that the "Site Title" has been changed to "Hacked".

Affects Plugins

Fixed in 1.18.8

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

qerogram(at Kakao Style Corp.)

Submitter

qerogram(at Kakao Style Corp.)

Submitter website

https://github.com/qerogram

Verified

Yes

WPVDB ID

6f3f460b-542a-4d32-8feb-afa1aef57e37

Timeline

Publicly Published

2023-04-24 (about 1 years ago)

Added

2023-04-24 (about 1 years ago)

Last Updated

2023-04-25 (about 1 years ago)

Other

Published

Title

Published

2023-10-03

Title

MStore API < 4.0.7 - Subscriber+ SQLi

Published

2024-03-28

Title

WP Responsive Tabs horizontal vertical and accordion Tabs < 1.1.18 - Authenticated (Contributor+) SQL Injection

Published

2023-03-27

Title

WC Fields Factory < 4.1.7 - ShopManager+ SQLi

Published

2023-11-28

Title

WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint

Published

2019-05-22

Title

WP Booking System < 1.5.2 - CSRF to Authenticated SQL Injection