ZX_CSV Upload 1 – Authenticated SQL Injection | CVE 2016-10943 | Plugin Vulnerabilities

Description

Type user access: admin user.

$_GET[‘id’] is not escaped. URL is accessible for every registered user.

Proof of Concept

1 – Login with admin user.

2 - Send request post:

<form action="http://www.example.com/wp-admin/admin.php?page=zx_csv_plugin_home" method="post">
    <input type="text" name="rsltsbmt" value="a">
    <input type="text" name="table_select" value="wp_terms">
    <input type="text" name="rsltfrom" value="0">
    <input type="text" name="rsltto" value="10">
    <input type="submit" name="">
</form>

Affects Plugins

No known fix

References

CVE

URL

https://lenonleite.com.br/en/2016/12/16/english-zx_csv-upload-1-plugin-wordpress-sql-injection/

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Submitter

Lenon Leite

Submitter website

http://lenonleite.com.br/

Submitter twitter

Verified

Yes

WPVDB ID

e49d9f9d-4113-46b9-b8eb-7c9e35e5885e

Timeline

Publicly Published

2016-12-12 (about 9 years ago)

Added

2016-12-20 (about 9 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2024-10-15

Title

Email Verification for WooCommerce < 2.9.0 - Unauthenticated SQL Injection

Published

2023-11-28

Title

Bravo Translate <= 1.2 - Authenticated (Administrator+) SQL Injection

Published

2023-12-28

Title

GEO my WordPress < 4.0.3 - Authenticated(Administrator+) SQL Injection

Published

2026-03-18

Title

Appointment Booking Calendar < 1.6.10.2 - Unauthenticated SQL Injection via 'fields' Parameter

Published

2015-06-08

Title

Easy2Map Photos < 1.1.0 - SQL Injection