This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Time-based SQL Injection in `woof_author` parameter. π **Consequences**: Full database compromise, data theft, or server takeover. Critical impact on confidentiality, integrity, and availability.
Q2Root Cause? (CWE/Flaw)
π‘οΈ **CWE-89**: Improper Neutralization of Special Elements used in an SQL Command. π₯ **Flaw**: Unsanitized user input in the `woof_author` parameter allows malicious SQL payloads.
Q3Who is affected? (Versions/Components)
π’ **Vendor**: realmag777. π¦ **Product**: HUSKY β Products Filter Professional for WooCommerce. π **Affected**: Version 1.3.6 and earlier. β οΈ **Platform**: WordPress/WooCommerce sites.
Q4What can hackers do? (Privileges/Data)
π΅οΈ **Hackers Can**: Extract sensitive DB data, modify records, or execute administrative commands. π **Privileges**: High (CVSS 9.8). Can access user credentials, product info, and site config.
π **Public Exp?**: No specific PoC in data. π **References**: WordFence & WP Trac links available. π **Wild Exploitation**: Likely high given low complexity and remote nature.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for `woof_author` parameter in requests. π οΈ **Tools**: Use SQLMap or WAF logs to detect time-based delays. π **Indicator**: Look for unusual latency in filter responses.