Link-Library <= 5.9.13.26 – Authenticated SQL Injection
Description | Type user access: admin user. $_GET[‘linkid’] is not escaped. |
Proof of Concept |
|
Affects Plugin
fixed in version 5.9.13.27
|
References
URL | http://lenonleite.com.br/en/blog/2017/08/14/link-library-5-9-13-26-plugin-wordpress-sql-injection/ |
URL | https://plugins.trac.wordpress.org/changeset/1713187/link-library |
Classification
Type | SQLI |
OWASP Top 10 | A1: Injection |
CWE | CWE-89 |
Miscellaneous
Submitter | Lenon Leite / Log.pt |
Submitter Website | http://lenonleite.com.br/ |
Submitter Twitter | lenonleite |
Views | 1794 |
Verified | No |
WPVDB ID | 8886 |
Timeline
Publicly Published | 2017-08-14 (over 1 year ago) |
Added | 2017-08-16 (over 1 year ago) |
Last Updated | 2017-08-16 (over 1 year ago) |
Copyright & License
Copyright | All data and resources contained within this page and this web site is Copyright © The WPScan Team. |
License | Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us. |