CVE-2015-2199

WonderPlugin Audio Player < 2.0 - Authenticated SQL Injection via item[id] Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2199. PoCs published by Kacper Szurek.

AI-analyzed exploit summary: This exploit demonstrates a blind SQL injection and XSS vulnerability in WonderPlugin Audio Player 2.0. The SQLi allows unauthenticated users to extract sensitive data via time-based techniques, while the XSS can execute arbitrary JavaScript in the context of the admin panel or pages using the plugin's shortcode.

Description

Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.

Exploits (1)

exploitdb WORKING POC
by Kacper Szurek · text · webapps · php
https://www.exploit-db.com/exploits/36086

Classification: Working PoC (100%)
Attack Type: SQLi | XSS
Complexity: Trivial
Reliability: Reliable
Target: WonderPlugin Audio Player 2.0
Auth required
Prerequisites: Registered user account on the WordPress site
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/118508
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/36086
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/118509
Various Sources x_refsource_misc
http://www.wonderplugin.com/wordpress-audio-player/

Scores

EPSS 0.0258
EPSS Percentile 83.2%

Details

CWE: CWE-89
Status: published
Products (1): wonderplugin/audio_player < 2.0
Published: Mar 03, 2015
Tracked Since: Feb 18, 2026