CVE-2024-27956 PoC — WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability

Source
Associated Vulnerability
Title: WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability (CVE-2024-27956)
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0.
Description
YAML PoC rule for fscan.
Readme
# 🛑CVE-2024-27956-for-fscan
_Thanks to diego-tella for the PoC._
## _English_
_This is a YAML PoC rule for fscan covering CVE-2024-27956, the WordPress Automatic SQLi._
### _How to use:_
1. _Add the yml file to the path /fscan-main/WebScan/pocs._
2. _Build fscan's Go files._
3. _Start the fscan and enjoy._
### _Attention:_
_If the vulnerability exists, fscan will create a new user through its request.  
You can change the SQL query if creating a user is not allowed in your test._
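## _Chinese_
_Custom fscan rule: CVE-2024-27956 WordPress Automatic SQL injection vulnerability_
### _How to use:_
1. _Add the yml rule file to the fscan directory /fscan-main/WebScan/pocs_
2. _Build fscan_
3. _Run fscan_
### _Attention:_
_If the vulnerability exists, fscan will create a user on the target WordPress site. If your test does not allow creating users, change the SQL statement; the response content returned when the vulnerability exists is the same._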