CVE-2021-24786 Scanner - SQL Injection vulnerability in Download Monitor

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 23 hours
Scan only one: Domain, Subdomain, IPv4

The Download Monitor plugin is a widely-used WordPress plugin designed to manage downloads and monitor access. It is typically utilized by website administrators who need an efficient way to track file downloads. This plugin provides comprehensive download management features such as upload, download logs, and custom links. Its user-friendly interface allows even non-technical users to manage downloads easily. Website owners worldwide use it to enhance the download capabilities of their WordPress sites. It is a popular choice for sites that require sophisticated download tracking.

The SQL Injection vulnerability detected in the Download Monitor plugin arises due to insufficient escaping on user-supplied parameters. This allows malicious actors to add unauthorized SQL commands to existing queries. Attackers leveraging this vulnerability can gain access to sensitive information stored within a website's database. This vulnerability is particularly dangerous because it does not require any direct interaction from the end-user once it has been set in motion. The vulnerability's impact is mitigated by its requirement for authenticated access with administrator-level permissions to exploit.

The Download Monitor plugin's SQL Injection vulnerability is specific to the 'orderby' parameter prior to version 4.4.5. Because the plugin fails to escape this input properly, attackers can exploit the endpoint to append arbitrary SQL commands. This leaves the SQL queries open to manipulation, allowing for unauthorized data extraction or modification. The vulnerable endpoint is part of the plugin's admin panel and is reached via specific HTTP requests. The improper preparation of SQL statements, combined with untrusted input, leads to the technical breach. The issue revolves around SQL queries executed without adequate input sanitization, resulting in potential database access for attackers.
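
The pattern described above, modelled in Python with sqlite3 as an added example; it is not the Download Monitor plugin's PHP code, and the table, column and function names are constructed for illustration. It shows why an 'orderby' value needs an allowlist: bound placeholders carry values, not column names, so code that concatenates the request value into ORDER BY evaluates whatever expression it is given.

```python
import sqlite3

# Hypothetical allowlists: the only sort columns and directions the listing supports.
ALLOWED_ORDERBY = {"id", "title", "download_count"}
ALLOWED_ORDER = {"ASC", "DESC"}


def make_db():
    """Build a constructed in-memory table standing in for a download list."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE downloads ("
        "id INTEGER PRIMARY KEY, title TEXT, download_count INTEGER)"
    )
    db.executemany(
        "INSERT INTO downloads (title, download_count) VALUES (?, ?)",
        [("manual.pdf", 7), ("setup.zip", 40), ("notes.txt", 19)],
    )
    return db


def list_downloads_unsafe(db, orderby):
    """'Before' pattern: the request value becomes part of the SQL text."""
    sql = "SELECT title FROM downloads ORDER BY " + orderby
    return [row[0] for row in db.execute(sql)]


def list_downloads_safe(db, orderby="id", order="ASC"):
    """Hardened pattern: map the request value onto known identifiers.

    Placeholders cannot bind a column name, so the value is compared
    against the allowlist and anything else falls back to the default.
    """
    column = orderby if orderby in ALLOWED_ORDERBY else "id"
    direction = order.upper() if order.upper() in ALLOWED_ORDER else "ASC"
    # Only allowlisted constants ever reach the SQL text.
    sql = f"SELECT title FROM downloads ORDER BY {column} {direction}"
    return [row[0] for row in db.execute(sql)]


if __name__ == "__main__":
    db = make_db()
    expr = "download_count * -1"  # constructed input that is not a column name
    print("unsafe:", list_downloads_unsafe(db, expr))  # expression is evaluated
    print("safe:  ", list_downloads_safe(db, expr))    # falls back to id order
```
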

If exploited, the SQL Injection vulnerability in Download Monitor could lead to unauthorized data access, data corruption, or data deletion. Attackers could extract sensitive user information, manipulate data records, or completely delete important database contents. Running malicious SQL commands could compromise entire databases, leading to severe data breaches. The website's functionality and reliability might be impaired due to data manipulation. Ultimately, the consequence of the vulnerability's exploitation could be reputational damage and loss of trust for website administrators.
