漏洞描述
WordPress Web Directory Free 是一个用于创建和管理在线目录的插件。该插件版本低于 1.7.0 的 /wp-admin/admin-ajax.php 接口存在 SQL 注入漏洞。攻击者可以通过构造恶意的 SQL 查询,未经授权地访问或修改数据库中的敏感数据,可能导致数据泄露或破坏。
WordPress Web Directory Free < 1.7.0 /wp-admin/admin-ajax.php SQL 注入漏洞 (CVE-2024-3552)
PoC代码
暂无相关漏洞推荐
- POC CVE-2019-10647: ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)
- POC CVE-2019-14950: WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting
- POC CVE-2019-17671: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
- POC CVE-2019-4061: IBM BigFix Platform - Information Disclosure
- POC CVE-2021-2135: Oracle WebLogic Server - Remote Code Execution
- POC CVE-2021-23394: elFinder < 2.1.58 - Remote Code Execution
- POC CVE-2021-37415: Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
- POC CVE-2021-4073: RegistrationMagic <= 5.0.1.7 - Authentication Bypass
- POC CVE-2022-0879: Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
- POC CVE-2023-3388: Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting
- POC CVE-2023-40211: Post Grid <= 2.2.50 - Information Exposure via REST API
- POC CVE-2024-28253: OpenMetaData - SpEL Injection in PUT /api/v1/policies
- POC CVE-2024-31223: Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure