CNVD-2011-6136 Scanner - SQL Injection vulnerability in WordPress Evarisk Plugin
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 3 weeks 16 hours
Scan only one: URL
Toolbox: -
WordPress is a widely used blogging platform that allows users to set up personal blogs on PHP and MySQL-supported servers. The Evarisk plugin is designed for WordPress to manage risks and document the risk assessment process comprehensively. It is commonly employed by businesses and safety officers to streamline and maintain records of workplace risks, making it essential in environments that prioritize safety and compliance. The plugin aims to be a comprehensive tool for occupational safety and health management, providing users with structured information on potential workplace hazards. Users favor it for its ability to integrate smoothly with WordPress, leveraging the platform's extensive functionality. Because it runs inside WordPress and shares its database, keeping the plugin secure is crucial to avoid unauthorized data manipulation and breaches.
An SQL Injection vulnerability is present in the WordPress Evarisk plugin, affecting version 5.1.3.6 and earlier. The flaw is in the plugin's 'ajax.php' file, which uses user-supplied data in SQL queries without sufficient input filtering. As a consequence, remote attackers can manipulate database queries and potentially read or alter critical data stored in the WordPress database. The vulnerability ranks highly on the severity scale because it compromises both the integrity and the confidentiality of affected systems: an injected query can make the database execute commands the application never intended. This highlights the necessity of sanitizing and validating user input before it reaches an SQL query.
Technically, the SQL Injection vulnerability lies in the 'ajax.php' endpoint of the Evarisk plugin. Because the 'nomRacine' parameter handled by this file is not adequately filtered, attackers can inject arbitrary SQL through crafted values for it, for example UNION SELECT statements. The scanner treats the injection as successful when the site answers with HTTP status 200 and the response contains the MD5 hash that the injected query was asked to compute, which confirms that the injected SQL was executed. A positive result therefore demonstrates both a bypass of input validation and a compromise of data integrity. Because the check depends on the request path and the specific parameter, anyone testing for this vulnerability must make sure the crafted input reaches the unfiltered 'nomRacine' parameter of 'ajax.php'.
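As an added example that is not part of this page or of the Evarisk project, the following Python code screens web-server access logs for requests to an ajax.php endpoint whose nomRacine parameter carries SQL-injection indicators. The sample log lines, the client addresses and the plugin directory in the URL are constructed for the example; only the 'ajax.php' file name and the 'nomRacine' parameter come from the description above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache combined-format log lines (plugin directory is a placeholder).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /wp-content/plugins/PLUGIN_DIR/ajax.php?nomRacine=foo HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:12:00:02 +0000] "GET /wp-content/plugins/PLUGIN_DIR/ajax.php?nomRacine=x%27%20UNION%20SELECT%20md5(1)--%20 HTTP/1.1" 200 640 "-" "Mozilla/5.0"
198.51.100.3 - - [10/Mar/2024:12:00:03 +0000] "GET /index.php?p=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Fields of one access-log line that the check needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3}) '
)

# Indicators of SQL-injection probing, matched against the URL-decoded value.
SQLI_RE = re.compile(r"(union\s+select|'\s*(or|and)\s|--\s|/\*|\bmd5\s*\()", re.IGNORECASE)


def parse_line(line):
    """Split one log line into ip, status, path and decoded query parameters."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["params"] = parse_qs(parts.query, keep_blank_values=True)  # decodes %xx once
    return rec


def find_evarisk_sqli(log_text):
    """Return (ip, status, decoded nomRacine) for ajax.php requests whose
    nomRacine parameter looks like an SQL-injection attempt."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].endswith("/ajax.php"):
            continue
        for value in rec["params"].get("nomRacine", []):
            if SQLI_RE.search(value):
                hits.append((rec["ip"], int(rec["status"]), value))
    return hits


if __name__ == "__main__":
    for ip, status, value in find_evarisk_sqli(SAMPLE_LOG):
        print(f"{ip} status={status} nomRacine={value!r}")
```

A status of 200 on a flagged request only means the endpoint answered; compare the response body against the injected marker, as the scanner does, before treating it as a confirmed exploitation.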
Exploiting this vulnerability can allow malicious actors to read sensitive data from the database, modify or delete data, and undermine the reliability and trustworthiness of the website. Unauthorized database access can lead to data theft, especially if the database holds sensitive personal or financial information. Attackers may also use the flaw to add rogue administrative users to WordPress, escalating their privileges and gaining full control over the site. Left unchecked, such a vulnerability can serve as a gateway to broader network infiltration. It can also damage the reputation of businesses using the plugin and, where customer data is involved, result in compliance violations.