Analyzing SQLi exploit for WordPress WP Automatic plugin for fun and learning (CVE-2024-27956)

CVEs

9.9 Critical Severity

Summary

This post explains the exploit for an SQLi vulnerability in the WordPress WP Automatic plugin (CVE-2024-27956). We walk through how the exploit works and explore potential avenues of RCE after a successful exploit. That should better equip you for hunting and escalating this vulnerability!

Script link

PoC for SQL Injection in CVE-2024-27956 (GitHub repository: diego-tella/CVE-2024-27956-RCE).

Description

@secatgourity
