WordPress Plugin Vulnerabilities

Video List Manager <= 1.7 - Admin+ SQL Injection

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.

Proof of Concept

SELECT query:

1. Log in as admin.
2. Visit the following path on the site: `/wp-admin/admin.php?page=tnt_video_edit_page&videoID=SLEEP%285%29`
3. The browser will take 5 seconds to respond.

DELETE query:

1. Log in as admin.
2. Visit the following path on the site: `/wp-admin/admin.php?page=tnt_video_del_page&videoID=SLEEP%285%29`
3. Click the "Yes" button.
4. The browser will take 5 seconds to respond.
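
For defenders reviewing logs, the following Python script is an added example, not part of the original advisory or the plugin's code. It scans web access log lines for requests to the two admin pages named above whose `videoID` is not a plain integer. The combined log format, the rule that a legitimate `videoID` consists of digits only, and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Admin pages named in the proof of concept above.
WATCHED_PAGES = {"tnt_video_edit_page", "tnt_video_del_page"}

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_video_id(target):
    """Return the decoded videoID if it is not a plain integer, else None."""
    url = urlsplit(target)
    if not url.path.endswith("/wp-admin/admin.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    if not WATCHED_PAGES.intersection(params.get("page", [])):
        return None
    for value in params.get("videoID", []):
        # Assumption: a legitimate videoID is a row ID, i.e. ASCII digits only.
        if not re.fullmatch(r"[0-9]+", value):
            return value
    return None


def scan(lines):
    """Yield (line_number, method, decoded_value) for each flagged request."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = suspicious_video_id(match.group("target"))
        if value is not None:
            yield number, match.group("method"), value


# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Apr/2023:10:00:01 +0000] "GET /wp-admin/admin.php?page=tnt_video_edit_page&videoID=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [17/Apr/2023:10:00:09 +0000] "GET /wp-admin/admin.php?page=tnt_video_edit_page&videoID=SLEEP%285%29 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [17/Apr/2023:10:00:20 +0000] "POST /wp-admin/admin.php?page=tnt_video_del_page&videoID=SLEEP%285%29 HTTP/1.1" 200 4096',
    '198.51.100.4 - - [17/Apr/2023:10:01:00 +0000] "GET /wp-admin/admin.php?page=other_page&videoID=abc HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, method, value in scan(SAMPLE_LOG):
        print(f"line {number}: {method} videoID={value!r}")
```

A hit only shows that a non-numeric value reached one of these pages; correlate it with response times and the authenticated admin session before drawing conclusions.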

Classification

Type
SQLI
OWASP top 10
CWE

Miscellaneous

Original Researcher
zhangyunpei and Yeting Li VARAS@IIE
Submitter
zhangyunpei
Verified
Yes

Timeline

Publicly Published
2023-04-17
Added
2023-04-17
Last Updated
2023-04-17