WordPress Plugin Vulnerabilities
Chopslider <= 3.4 - Unauthenticated Blind SQL Injection
Description
The id parameter of the get_script/index.php page is not sanitised when used in a SQL statement, leading to an unauthenticated blind SQL Injection issue.
Vendor was contacted by researcher, on March 3rd, 2020 but no reply was received.
Proof of Concept
The PoC will be displayed once the issue has been remediated.
Affects Plugins
References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Callum Murphy
Verified
No
WPVDB ID
Timeline
Publicly Published
2020-05-09 (about 4 years ago)
Added
2020-05-09 (about 4 years ago)
Last Updated
2020-05-12 (about 4 years ago)