Live Forms - Visual Form Builder 3.0.1 - Blind SQL Injection



Description
The AJAX action ‘get_reqlist’ is available to all logged in users. The parameter ‘ipp’ sent to this action is vulnerable to Blind MySQL Injection. This can be leveraged by detecting how long a query takes to return.

Affects Plugin

fixed in version 3.2.0

References

CVE 2015-9301
URL https://research.g0blin.co.uk/g0blin-00034/

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter James Hooker
Submitter Website https://research.g0blin.co.uk
Submitter Twitter g0blinResearch
Views 4678
Verified No
WPVDB ID 7855

Timeline

Publicly Published 2015-03-18 (over 5 years ago)
Added 2015-03-18 (over 5 years ago)
Last Updated 2019-11-27 (8 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin