CVE-2022-0747 Scanner
Detects the SQL Injection vulnerability in Infographic Maker iList, affecting versions < 4.3.8
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
Infographic Maker iList is a WordPress plugin developed by QuantumCloud, designed for creating engaging infographics and lists directly within WordPress sites. It caters to bloggers, content creators, and marketers who aim to enhance their content's visual appeal and readability. The plugin offers a wide range of templates and customization options, allowing users to easily design and embed infographics into posts or pages. It's used widely across various industries to present data visually, making information easier to understand and share. The plugin integrates seamlessly with WordPress, making it accessible for users with minimal technical expertise.
The technical flaw resides in how the Infographic Maker iList plugin handles the post_id parameter within an AJAX request to the qcld_upvote_action. Specifically, the plugin fails to properly sanitize this parameter before including it in SQL queries executed against the website's database. As a result, an attacker can inject malicious SQL code into the post_id parameter to manipulate the database queries. This can lead to unauthorized access to sensitive information, manipulation of website data, or even database takeover. The vulnerability requires no authentication, making it particularly severe as it can be exploited by any user visiting the website.
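As an added example (not part of this page or of the S4E scanner), a small Python routine that flags requests to the plugin's qcld_upvote_action AJAX handler whose post_id is not a plain integer, run over constructed Apache-style access-log lines; it assumes the parameters appear in the request URI, so a POST body would not be visible to it.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-format access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2022:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=qcld_upvote_action&post_id=42 HTTP/1.1" 200 17 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2022:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=qcld_upvote_action&post_id=42%27 HTTP/1.1" 500 0 "-" "python-requests/2.27"
203.0.113.9 - - [10/Mar/2022:10:01:11 +0000] "POST /wp-admin/admin-ajax.php?action=qcld_upvote_action&post_id=42%20abc HTTP/1.1" 200 17 "-" "python-requests/2.27"
198.51.100.7 - - [10/Mar/2022:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 5 "-" "Mozilla/5.0"
"""

# Extracts the client IP and the request line of a combined-format entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# The affected handler is the plugin's qcld_upvote_action AJAX action; a
# legitimate post_id is a WordPress post ID, i.e. a plain positive integer.
VULNERABLE_ACTION = "qcld_upvote_action"
VALID_POST_ID = re.compile(r"^[0-9]+$")


def suspicious_upvote_requests(log_text):
    """Return (client_ip, decoded post_id) for each request to the upvote
    action whose post_id is not a plain integer. A missing post_id is
    reported as '<missing>' so it is flagged as well."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or "admin-ajax.php" not in m.group("target"):
            continue
        # parse_qs percent-decodes values, so "42%27" becomes "42'".
        params = parse_qs(urlsplit(m.group("target")).query)
        if VULNERABLE_ACTION not in params.get("action", []):
            continue
        for post_id in params.get("post_id", ["<missing>"]):
            if not VALID_POST_ID.match(post_id):
                hits.append((m.group("ip"), post_id))
    return hits


if __name__ == "__main__":
    for ip, post_id in suspicious_upvote_requests(SAMPLE_LOG):
        print(f"suspicious post_id from {ip}: {post_id!r}")
```

The same integer-only check is what the handler itself should enforce server-side (for example by casting post_id to an integer before it reaches any query), which is the fix shipped in 4.3.8 according to the version range above.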
Exploiting this SQL Injection vulnerability could lead to several adverse effects, including unauthorized access to sensitive data stored in the website's database, such as user credentials, personal information, and proprietary content. It can also enable attackers to insert fraudulent data, delete content, or manipulate existing data, potentially leading to website defacement or the dissemination of misleading information. In the worst-case scenario, attackers could gain administrative access to the WordPress site, allowing them to take complete control over the affected website.
By leveraging the security scanning capabilities of the S4E platform, users can proactively identify and mitigate vulnerabilities like the SQL Injection in Infographic Maker iList before they are exploited by malicious actors. Membership on our platform provides access to comprehensive vulnerability assessments, including this scanner, helping to safeguard digital assets against emerging threats. Our service enhances cybersecurity posture, minimizes the risk of data breaches, and ensures compliance with industry standards, offering peace of mind and a more secure online presence.