CVE-2024-13322 Scanner

CVE-2024-13322 Scanner - SQL Injection vulnerability in Ads Pro Plugin

Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 17 days 9 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

The Ads Pro Plugin is a versatile WordPress plugin used widely for managing advertisements across websites. It is developed by scripteo and serves a broad audience seeking to monetize their WordPress websites through effective ad management. It offers a wide range of features including geolocation targeting, scheduling, and multiple ad placement options to enhance website monetization strategies. Users ranging from independent bloggers to large businesses leverage this plugin to generate revenue by displaying ads to their audiences. Its easy integration and multi-purpose functionality make it a preferred choice for WordPress websites needing robust ad management solutions.

The SQL Injection vulnerability in this plugin is a severe issue that attackers can exploit to gain unauthorized access to sensitive database information. It exists because user input that ends up in SQL queries is inadequately handled and sanitized. Attackers can manipulate SQL queries through the 'a_id' parameter, potentially extracting confidential data without authorization. The risk is exacerbated because exploitation requires no authentication or user privilege, which makes it a high-priority risk for users of affected versions. The vulnerability impacts any part of the application that interacts with the vulnerable endpoint, increasing the chances of a successful attack that can compromise data privacy.

This vulnerability can be leveraged through manipulation of the 'a_id' parameter handled in the plugin's administrative AJAX operations. The plugin fails to adequately sanitize the user input, leading to SQL queries that are vulnerable to injection. Specifically, the vulnerability is accessed via the 'bsa_stats_chart_callback' action, where external input is directly incorporated into dynamically constructed SQL queries. Attackers utilize time-based techniques to confirm injection success by watching for delays caused by heavy queries leveraging functions like 'sleep'. This lack of input validation offers multiple paths through which malicious users can exploit the system to retrieve or manipulate sensitive information residing in the database.
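A defender can look for this pattern in web server logs. The following is an added example, not code from the scanner or the plugin: it flags requests to admin-ajax.php that carry the 'bsa_stats_chart_callback' action with an 'a_id' value that is not a plain integer. It assumes that 'a_id' is a numeric ad ID, that the parameters appear in the logged request line of a combined-format access log, and that the sample log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

VULN_ACTION = "bsa_stats_chart_callback"   # AJAX action named in the text above
INT_RE = re.compile(r"[0-9]{1,10}")        # assumption: a_id is a numeric ad ID
# Client IP, request URI and status from a combined-format access log entry
REQ_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def suspicious_a_id(params: str) -> bool:
    """True if url-encoded params target the action with a non-integer a_id."""
    q = parse_qs(params, keep_blank_values=True)
    if VULN_ACTION not in q.get("action", []):
        return False
    # Every supplied a_id must be a plain integer (covers repeated keys).
    return any(not INT_RE.fullmatch(v) for v in q.get("a_id", []))


def scan_access_log(lines):
    """Yield (client_ip, status, uri) for requests worth investigating."""
    for line in lines:
        m = REQ_RE.match(line)
        if not m:
            continue  # not a parseable request entry
        ip, uri, status = m.groups()
        parts = urlsplit(uri)
        if (parts.path.endswith("/wp-admin/admin-ajax.php")
                and suspicious_a_id(parts.query)):
            yield ip, int(status), uri


# Constructed sample entries (documentation IPs, placeholder a_id values).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=bsa_stats_chart_callback&a_id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2025:10:00:05 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=bsa_stats_chart_callback&a_id=12%20NOT-AN-INTEGER HTTP/1.1" 200 0',
    '203.0.113.9 - - [10/Jan/2025:10:00:09 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heartbeat&a_id=x HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

For POST requests the parameters are not in the access log, so the same `suspicious_a_id` check can be fed the url-encoded body from a WAF or audit log instead.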

Exploitation of the SQL Injection vulnerability can lead to significant impacts, including unauthorized data access and extraction of sensitive information. Attackers could potentially expose confidential customer data, payment records, and other critical information stored in the WordPress database. Beyond data leaks, the compromise could involve manipulation of data integrity, where attackers alter database content. In severe scenarios, it could facilitate complete administrative control, allowing further exploitation of the server or phishing campaigns. Additionally, affected cloud environments may encounter resource exhaustion, leading to performance degradation or denial of service for legitimate users.
