Ultimate Product Catalogue <= 3.1.2 - Unauthenticated SQL Injection



Description
Unauthenticated SQL injection in parameter "SingleProduct" when a web visitor explores a product published by the web administrator. This exploit needs magic_quotes_gpc turned off in the destination server.
 
File Functions/Shortcodes.php line 779
 
Proof of Concept
http://<wordpress site>/?SingleProduct=2'+and+'a'='a
http://<wordpress site>/?SingleProduct=2'+and+'a'='b

Affects Plugin

References

ExploitDB 36823
ExploitDB 36824
PacketStorm 131812

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter Felipe Molina
Submitter Twitter felmoltor
Views 4230
Verified No
WPVDB ID 7948

Timeline

Publicly Published 2015-04-23 (about 5 years ago)
Added 2015-04-27 (about 5 years ago)
Last Updated 2019-10-21 (9 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin