Web Application SecurityWordPress.WP.Statistics.Plugin.current_page_id.SQL.Injection
Description
This indicates an attack attempt to exploit an SQL Injection Vulnerability in WordPress Project WP Statistics.
The vulnerability is due to insufficient sanitization of user-supplied data in current_page_id and current_page_type parameter. A remote unauthenticated attacker can exploit the vulnerability by sending crafted requests to the server. A successful attack may result in arbitrary SQL command execution against the database on the target server.
Affected Products
WordPress Project WP Statistics 13.1.5 and prior
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-25148
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-03-31 | 0.00316 |
CVE References
CVE-2022-25148| ID | 1090501435 |
| Created | Mar 31, 2022 |
| Updated | Mar 31, 2022 |
| Risk |
|
| Default Action | pass |
| Active | |
| Affected OS | Windows, Linux, BSD, Solaris, MacOS |
| Affected App | PHP_app |