CVE-2015-2292
WordPress SEO by Yoast < 1.5.7, 1.6.x < 1.6.4, 1.7.x < 1.7.4 - SQL Injection via order_by or order
Title source: llm

Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-2292. PoCs published by Ryan Dewhurst.
AI-analyzed exploit summary

This exploit demonstrates a blind SQL injection vulnerability in WordPress SEO by Yoast <= 1.7.3.3. The vulnerability arises from insufficient sanitization of the 'orderby' and 'order' GET parameters, allowing authenticated users to execute arbitrary SQL queries.
Description
Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
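As an added illustration (constructed for this entry, not the plugin's code and not the published PoC), the PHP below shows why a sort clause built from order_by and order request parameters must be allow-listed rather than escaped: column names and sort directions cannot be bound as prepared-statement parameters, so the only safe option is to emit known literals. The allowed column names and the sample request are assumptions for the example.

```php
<?php
// Added illustration (not the Yoast plugin's code): an ORDER BY clause must
// be allow-listed, because identifiers and sort directions cannot be bound
// as query parameters and escaping does not make them safe.

// Constructed example of the unsafe pattern: request values are spliced
// straight into the SQL text, so any SQL the user supplies is executed.
function unsafe_order_clause(array $get): string {
    $order_by = $get['order_by'] ?? 'post_title';
    $order    = $get['order'] ?? 'ASC';
    return "ORDER BY {$order_by} {$order}";
}

// Hardened version: only the columns the table really sorts by and only the
// two literal directions are ever emitted; anything else falls back to a
// default instead of reaching the query. Column names are assumed here.
const ALLOWED_ORDER_BY = ['post_title', 'post_type', 'post_date', 'post_modified'];
const ALLOWED_ORDER    = ['ASC', 'DESC'];

function safe_order_clause(array $get): string {
    $order_by = (string) ($get['order_by'] ?? 'post_title');
    $order    = strtoupper((string) ($get['order'] ?? 'ASC'));
    if (!in_array($order_by, ALLOWED_ORDER_BY, true)) {
        $order_by = 'post_title';
    }
    if (!in_array($order, ALLOWED_ORDER, true)) {
        $order = 'ASC';
    }
    // The identifier is now a known literal, so backtick-quoting it is safe.
    return "ORDER BY `{$order_by}` {$order}";
}

// Constructed request with a tampered order parameter, to compare both
// functions: the unsafe one passes the extra SQL through, the safe one
// discards it and falls back to the default direction.
$request = ['order_by' => 'post_title', 'order' => 'ASC, (SELECT 1)'];
echo unsafe_order_clause($request), PHP_EOL;
echo safe_order_clause($request), PHP_EOL;
```

In WordPress code the same allow-list check belongs in front of any clause handed to `$wpdb`, since `$wpdb->prepare()` only binds values, not identifiers.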
Exploits (1)