About
CVE-2024-5057 is a critical SQL Injection vulnerability identified in the Easy Digital Downloads plugin for WordPress, affecting versions up to and including 3.2.12.
Description: The vulnerability arises from improper neutralization of special elements used in SQL commands, allowing unauthenticated attackers to inject malicious SQL queries. This can lead to unauthorized access to sensitive information stored in the database.
Impact:
- Confidentiality: High
- Integrity: High
- Availability: High
The National Vulnerability Database (NVD) has assigned a CVSS 3.1 base score of 9.8 (Critical) to this vulnerability.
Mitigation: Users are advised to update the Easy Digital Downloads plugin to version 3.3.1 or later, where this vulnerability has been addressed.
It’s crucial for website administrators using the affected plugin versions to apply the necessary updates promptly to mitigate potential security risks.
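To check an installed copy against the version ranges given above, the following is an added example, not code from this repository. It reads the `Version:` field of a standard WordPress plugin header; the function names are hypothetical and the sample header is constructed. Versions after 3.2.12 but before 3.3.1 are reported as unconfirmed because this page does not state their status.

```python
import re

# Version boundaries as stated on this page.
LAST_AFFECTED = (3, 2, 12)  # "up to and including 3.2.12"
FIRST_FIXED = (3, 3, 1)     # "version 3.3.1 or later"

# Constructed sample of a plugin main-file header (not real site data).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Easy Digital Downloads
 * Version: 3.2.11
 */
"""

def parse_version(header_text):
    """Return the header's Version field as a tuple of ints, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)",
                  header_text, re.MULTILINE | re.IGNORECASE)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # Pad short versions ("3.2" -> 3.2.0) so tuple comparison is numeric.
    parts += [0] * (3 - len(parts))
    return tuple(parts)

def classify(version):
    """Map a parsed version to affected / fixed / unconfirmed / unknown."""
    if version is None:
        return "unknown"       # no readable Version field: inspect manually
    if version <= LAST_AFFECTED:
        return "affected"      # update required
    if version >= FIRST_FIXED:
        return "fixed"
    return "unconfirmed"       # between the two boundaries stated on the page

def check_header(header_text):
    """Classify a plugin header in one call."""
    return classify(parse_version(header_text))

if __name__ == "__main__":
    print(check_header(SAMPLE_HEADER))
```

Comparison is numeric per component, so 3.10.0 sorts after 3.3.1; pre-release suffixes such as `-beta1` are ignored.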
Usage
Clone:
git clone https://codeberg.org/bluef1sher/poc-cve-2024-5057.git
Let’s try to inject and get the creds.
cd poc-cve-2024-5057
./configure
make
make install
The exploit is installed as /usr/local/bin/cve-2024-5057.
Run it as:
cve-2024-5057 https://wp.example.com
where https://wp.example.com is a target WordPress site.
Result output
If the site is not vulnerable:
The site is not vulnerable
If the injection succeeded:
username: Admin
password: Secret
These are the username and password of the WordPress site admin.