cnvd - cnvd-2021-34528

cnvd-2021-34528

Vulnerability from cnvd

Title: WordPress插件SQL注入漏洞（CNVD-2021-34528）

Description:

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress 插件是WordPress开源的一个应用插件。

Quiz And Survey Master â€“ Best Quiz, Exam and Survey Plugin for WordPress插件 7.1.12版本之前存在SQL注入漏洞，该漏洞源于插件未使用[qsm_result]短代码且没有id属性的页面对result_id GET参数进行清理，将其串联在SQL语句中并导致SQL注入。攻击者可利用该漏洞获取数据库敏感信息。

Severity: 中

Patch Name: WordPress插件SQL注入漏洞（CNVD-2021-34528）的补丁

Patch Description:

Formal description:

目前厂商已提供相关补丁链接，请关注厂商主页及时更新： https://wordpress.org/download/

Reference: https://www.anquanke.com/vul/id/2412698

Impacted products

Name
WordPress WordPress <7.1.12

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-24221"
    }
  },
  "description": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress \u63d2\u4ef6\u662fWordPress\u5f00\u6e90\u7684\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002 \n\nQuiz And Survey Master \u00e2\u20ac\u201c Best Quiz, Exam and Survey Plugin for WordPress\u63d2\u4ef6 7.1.12\u7248\u672c\u4e4b\u524d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u63d2\u4ef6\u672a\u4f7f\u7528[qsm_result]\u77ed\u4ee3\u7801\u4e14\u6ca1\u6709id\u5c5e\u6027\u7684\u9875\u9762\u5bf9result_id GET\u53c2\u6570\u8fdb\u884c\u6e05\u7406\uff0c\u5c06\u5176\u4e32\u8054\u5728SQL\u8bed\u53e5\u4e2d\u5e76\u5bfc\u81f4SQL\u6ce8\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6570\u636e\u5e93\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u63d0\u4f9b\u76f8\u5173\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://wordpress.org/download/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-34528",
  "openTime": "2021-05-14",
  "patchDescription": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress \u63d2\u4ef6\u662fWordPress\u5f00\u6e90\u7684\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002 \r\n\r\nQuiz And Survey Master \u00e2\u20ac\u201c Best Quiz, Exam and Survey Plugin for WordPress\u63d2\u4ef6 7.1.12\u7248\u672c\u4e4b\u524d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u63d2\u4ef6\u672a\u4f7f\u7528[qsm_result]\u77ed\u4ee3\u7801\u4e14\u6ca1\u6709id\u5c5e\u6027\u7684\u9875\u9762\u5bf9result_id GET\u53c2\u6570\u8fdb\u884c\u6e05\u7406\uff0c\u5c06\u5176\u4e32\u8054\u5728SQL\u8bed\u53e5\u4e2d\u5e76\u5bfc\u81f4SQL\u6ce8\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6570\u636e\u5e93\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress\u63d2\u4ef6SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2021-34528\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress WordPress \u003c7.1.12"
  },
  "referenceLink": "https://www.anquanke.com/vul/id/2412698",
  "serverity": "\u4e2d",
  "submitTime": "2021-04-14",
  "title": "WordPress\u63d2\u4ef6SQL\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2021-34528\uff09"
}

CVE-2021-24221 (GCVE-0-2021-24221)

Vulnerability from cvelistv5

Published

2021-04-12 14:03

Modified

2024-08-03 19:21

Severity ?

CWE

CWE-89 - SQL Injection

Summary

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, such user could gain unauthorised access to the DBMS. If the shortcode (without the id attribute) is embed on a public page or post, then unauthenticated users could exploit the injection.

References

▼	URL	Tags
	https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab	x_refsource_CONFIRM
	https://plugins.trac.wordpress.org/changeset/2479603/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Unknown	Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress	Version: 7.1.12 < 7.1.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:19.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2479603/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.1.12",
              "status": "affected",
              "version": "7.1.12",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, such user could gain unauthorised access to the DBMS. If the shortcode (without the id attribute) is embed on a public page or post, then unauthenticated users could exploit the injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T14:03:25",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://plugins.trac.wordpress.org/changeset/2479603/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Quiz And Survey Master \u003c 7.1.12 - Authenticated SQL injection via shortcode",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24221",
          "STATE": "PUBLIC",
          "TITLE": "Quiz And Survey Master \u003c 7.1.12 - Authenticated SQL injection via shortcode"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.1.12",
                            "version_value": "7.1.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, such user could gain unauthorised access to the DBMS. If the shortcode (without the id attribute) is embed on a public page or post, then unauthenticated users could exploit the injection."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab"
            },
            {
              "name": "https://plugins.trac.wordpress.org/changeset/2479603/",
              "refsource": "MISC",
              "url": "https://plugins.trac.wordpress.org/changeset/2479603/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24221",
    "datePublished": "2021-04-12T14:03:25",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:19.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted