05-21-2021, 11:01 PM
|
|
|
Confirmed User
Industry Role:
Join Date: Jan 2020
Posts: 221
|
blind SQLi vulnerability in WP Statistics plugin
https://portswigger.net/daily-swig/w...tistics-plugin
Quote:
WP Statistics, a popular web analytics plugin for WordPress, contained a time-based blind SQL injection vulnerability that, if exploited, could result in sensitive information being exfiltrated from a site’s database.
The nature of the high severity (CVSS score 7.5) pre-authenticated vulnerability (CVE-2021-24340) means “exfiltrating information would be a relatively slow process, and it would be impractical to use it to extract bulk records”, said Ram Gall, threat analyst and QA engineer at WordPress security platform Wordfence, in a blog post published on Tuesday (May 18).
|
Quote:
Although the function is supposed to be restricted to administrators, “it was possible to start loading this page’s constructor by sending a request to wp-admin/admin.php with the page parameter set to wps_pages_page”, continued the threat analyst.
“Since the SQL query ran in the Page constructor,” any visitor could trigger the SQL query without logging in. “A malicious actor could then supply malicious values for the ID or type parameters.”
|
__________________
hard core redditor
|
|
|