User Control - Unauthenticated SQL Injection



Description
The User Control plugin has a vulnerability that allows every (unauthenticated) website visitor to perform arbitrary SQL queries.

Affects Plugin

References

URL https://gist.github.com/JustThomas/cc6251400b2f7f4f7d4ed900798e9364

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter JustThomas
Submitter Website https://github.com/JustThomas
Views 1238
Verified No
WPVDB ID 9019

Timeline

Publicly Published 2018-01-28 (11 months ago)
Added 2018-01-29 (11 months ago)
Last Updated 2018-01-29 (11 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.