Critical Vulnerability Information

Advisory ID: 193
Vulnerability Title: SQL Injection in WordPress plugin surveys v1.01.8
Date: 2017-05-21
CVE ID: CVE-2017-1002020, CVE-2017-1002021, CVE-2017-1002022
Download URL: https://wordpress.org/plugins/surveys/
Vendor: http://www.binnyva.com/
Vendor Notification Date: 2017-05-22
Vendor Contact Email: binnyva@gmail.com

Vulnerability Description

The WordPress plugin "Surveys" contains SQL injection vulnerabilities. The specific CVE descriptions are as follows:

CVE-2017-1002020:
- Description: In , is directly embedded into SQL queries without proper sanitization.
- Example Code:

CVE-2017-1002021:
- Description: In , both and are directly embedded into SQL queries without sanitization.
- Example Code:

CVE-2017-1002022:
- Description: In , is directly embedded into SQL queries without sanitization.
- Example Code:

Exploitation Code

Below are example SQLmap commands for exploiting the vulnerabilities:
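As an added illustration of the defect class the descriptions above refer to (this is not the plugin's code and not the advisory's exploitation commands), a hypothetical WordPress query built by string concatenation, followed by the same query bound through $wpdb->prepare(). It assumes WordPress is loaded (global $wpdb, absint(), sanitize_text_field()); the table name, column names and function names are invented for the example.

```php
<?php
// Added example, not code from the Surveys plugin. Assumes WordPress is
// loaded so that the global $wpdb and its prepare() method are available.
// Table and column names below are hypothetical.

// Vulnerable pattern described in the advisory: a request value is placed
// verbatim into the SQL text, so the value can alter the query itself.
function example_get_survey_unsafe( $id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_surveys';
    $sql   = "SELECT * FROM {$table} WHERE id = {$id}";   // $id unescaped
    return $wpdb->get_row( $sql );
}

// Hardened form for a numeric parameter: coerce to a non-negative integer
// and bind it with %d, which $wpdb->prepare() casts before interpolation.
function example_get_survey_safe( $id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_surveys';
    $sql   = $wpdb->prepare(
        "SELECT * FROM {$table} WHERE id = %d",
        absint( $id )
    );
    return $wpdb->get_row( $sql );
}

// Hardened form for a string parameter: %s makes prepare() emit a quoted,
// escaped literal, so quote characters in the input stay data, not syntax.
function example_find_surveys_safe( $name ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_surveys';
    $sql   = $wpdb->prepare(
        "SELECT id, name FROM {$table} WHERE name = %s",
        sanitize_text_field( $name )
    );
    return $wpdb->get_results( $sql );
}
```

Reviewing a plugin for this class of bug means locating every $wpdb->query(), get_row(), get_results() and get_var() call and confirming that any request-derived value reaches the SQL text only through a prepare() placeholder.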