Themes Vulnerabilities

Bello < 1.6.0 - Unauthenticated Blind SQL Injection

Description

The theme did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement, leading to SQL Injection issues

Proof of Concept

Affects Themes

bello
Fixed in 1.6.0

References

CVE
CVE-2021-24321
URL
https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-89%5D-Bello-WordPress-Theme-v1.5.9.txt

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
10.0 (critical)

Miscellaneous

Original Researcher
m0ze
Submitter
m0ze
Submitter website
https://m0ze.ru
Submitter twitter
vladm0ze
Verified
No
WPVDB ID
7314f9fa-c047-4e0c-b145-940240a50c02

Timeline

Publicly Published
2021-05-16 (about 4 years ago)
Added
2021-05-16 (about 4 years ago)
Last Updated
2021-05-17 (about 4 years ago)

Other

Published
Title
Published
2014-09-26
Title
All In One WP Security plugin 3.8.2 - 2xSQL Injections
Published
2018-01-01
Title
Smart Google Code Inserter <= 3.4 - Unauthenticated SQL Injection
Published
2022-02-28
Title
BookingPress < 1.0.11 - Unauthenticated SQL Injection
Published
2021-06-29
Title
Image Slider by Ays - Responsive Slider and Carousel < 2.5.0 - Authenticated Blind SQL Injection
Published
2024-09-20
Title
LatePoint < 5.0.12 - Unauthenticated Arbitrary User Password Change via SQL Injection