CVE-2023-6567

Description

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS Version 3.1

nvd
CVE ID: CVE-2023-6567
Base Score: 7.5
Base Severity: HIGH
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 3.9

wordfence
CVE ID: CVE-2023-6567
Base Score: 9.8
Base Severity: CRITICAL
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9

Proof Of Concept

Nuclei Templates for CVE-2023-6567

Refrence: Project Discovery GitHub

mimiloveexe

Time-based SQLi

Refrence: GitHub

Refrence: NVD MITRE

Description​

Proof Of Concept​

Description

Proof Of Concept