CVE-2021-24199 - OpenCVE

The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tms-outsource	Wpdatatables

Configuration 1 [-]

cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:premium:wordpress:*:*

No data.

References

Link	Providers
https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/
https://wpdatatables.com/help/whats-new-changelog/
https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-04-12T13:59:17

Updated: 2024-08-03T19:21:18.723Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24199

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-12T14:15:14.930

Modified: 2021-04-13T20:14:43.687

Link: CVE-2021-24199

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "wpDataTables \u2013 Tables & Table Charts", "vendor": "wpDataTables", "versions": [{"lessThan": "3.4.2", "status": "affected", "version": "3.4.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Veno Eivazian, Massimiliano Ferraresi"}], "descriptions": [{"lang": "en", "value": "The wpDataTables \u2013 Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-12T13:59:17", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpdatatables.com/help/whats-new-changelog/"}, {"tags": ["x_refsource_MISC"], "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"}], "source": {"discovery": "UNKNOWN"}, "title": "wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24199", "STATE": "PUBLIC", "TITLE": "wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "wpDataTables \u2013 Tables & Table Charts", "version": {"version_data": [{"version_affected": "<", "version_name": "3.4.2", "version_value": "3.4.2"}]}}]}, "vendor_name": "wpDataTables"}]}}, "credit": [{"lang": "eng", "value": "Veno Eivazian, Massimiliano Ferraresi"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The wpDataTables \u2013 Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://wpdatatables.com/help/whats-new-changelog/", "refsource": "MISC", "url": "https://wpdatatables.com/help/whats-new-changelog/"}, {"name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/", "refsource": "MISC", "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"}, {"name": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:21:18.723Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpdatatables.com/help/whats-new-changelog/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24199", "datePublished": "2021-04-12T13:59:17", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:21:18.723Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:premium:wordpress:*:*", "matchCriteriaId": "00C79193-0FAF-4101-B078-43245C9012E5", "versionEndExcluding": "3.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The wpDataTables \u2013 Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."}, {"lang": "es", "value": "El plugin wp DataTables \u2013 Tables & Table Charts premium WordPress versiones anteriores a 3.4.2, permite a un usuario autenticado poco privilegiado llevar a cabo una inyecci\u00f3n SQL ciega basada en Booleanos en la p\u00e1gina de lista de tablas en el endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, en el par\u00e1metro HTTP POST \"start!\". Esto permite a un atacante acceder a todos los datos de la base de datos y conseguir acceso a la aplicaci\u00f3n de WordPress"}], "id": "CVE-2021-24199", "lastModified": "2021-04-13T20:14:43.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-12T14:15:14.930", "references": [{"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"}, {"source": "contact@wpscan.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wpdatatables.com/help/whats-new-changelog/"}, {"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "contact@wpscan.com", "type": "Primary"}]}