SNS Vulnerability

WordPress Third-Party Plugins Multiple Vulnerabilities

Description

(#Several vulnerabilities have been identified in third party modules of WordPress:#- Single Personal Message: SQL injection after authentication in the "message" parameter of the "admin.php" page#- WA Form Builder: SQL injection in the "wa_forms_Id" in the "WAFormBuilder" forms#- Product Catalog: SQL injection in the "selectedCategory" parameter of the "UpdateCategoryList" forms#- BBS e-Franchise: SQL injection in the "uid" parameter of the "franchise.class.php" page#- Insert Html Snippet: cross-site request forgery#- Gallery - Image Gallery: stored cross-site scripting#- WP Vault: local file inclusion in the "wpv-image" parameter.##Proofs of concept are available.)

Vulnerable Products

Vulnerable Software:
WordPress (WordPress) -

Solution

- Gallery - Image Gallery: 2.0.6.

CVE

References

- exploit-db : Wordpress Plugin Single Personal Message 1.0.3 - SQL Injection
https://www.exploit-db.com/exploits/40870/
- wpvulndb : WA Form Builder 1.1 - Unauthenticated SQL Injection
https://wpvulndb.com/vulnerabilities/8687
- wpvulndb : Product Catalog 8 1.2 - Unauthenticated SQL Injection
https://wpvulndb.com/vulnerabilities/8686
- wpvulndb : BBS e-Franchise 1.1.1 - Unauthenticated SQL Injection
https://wpvulndb.com/vulnerabilities/8685
- wpvulndb : Insert Html Snippet <= 1.2 - Cross-Site Request Forgery (CSRF)
https://wpvulndb.com/vulnerabilities/8682
- sumofpwn : Stored Cross-Site Scripting in Gallery - Image Gallery WordPress Plugin
https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_in_gallery___image_gallery_wordpress_plugin.html
- exploit-db : Wordpress Plugin WP Vault 0.8.6.6 - Local File Inclusion
https://www.exploit-db.com/exploits/40850/

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
SQL injection Prevention - GET : suspicious OR statement in URL	3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL	3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL	3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL	3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL	3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL	3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL	3.2.0
SQL injection Prevention - GET : possible database version probing	3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL	3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL	3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL	3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL	3.2.0
SQL injection Prevention - GET : block comment delimiters in URL	3.2.0
Misc : Local File Inclusion - suspicious /etc/passwd found in URL	3.5.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data	5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	5.0.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL	5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data	5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements	5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data	5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data	5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data	5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement	5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data	5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data	5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data	5.0.0
SQL injection Prevention - POST : suspicious OR statement in data	5.0.0
SQL injection Prevention - POST : possible version probing in data	5.0.0
SQL injection Prevention - GET : suspicious SQL keywords in URL	5.0.0

Risk level

Moderate

Vulnerability First Public Report Date

2016-12-05

Target Type

Server

Possible exploit

Remote