Car Park Booking
- 13 October 17
A time-based SQL injection vulnerability has been identified in the WordPress Car Park Booking Plugin, specifically in version 13 October 17. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space_id parameter. Exploitation involves sending GET requests to the booking-page endpoint with malicious space_id values that include AND SLEEP() payloads, enabling attackers to extract sensitive information from the database.
Successful exploitation is a time-based blind SQL injection: the attacker manipulates database queries and can potentially extract sensitive information from the database.
To reproduce this vulnerability, send a GET request to the booking-page endpoint with the space_id parameter. Include a payload that appends AND SLEEP() to create a time-based delay; a delayed response indicates successful exploitation. The injected SQL code can be crafted to extract database information, taking advantage of the application's SQL query handling.
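Added example (not part of the original advisory and not the plugin's code): a log check that flags the requests described above. It assumes combined-format access logs, a URL path containing booking-page, and that legitimate space_id values are purely numeric; the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined log format (assumed format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /booking-page/?space_id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /booking-page/?space_id=12%20AND%20SLEEP(5) HTTP/1.1" 200 5120 "-" "curl/7.55"',
    '203.0.113.9 - - [01/Jan/2024:10:00:19 +0000] "GET /booking-page/?space_id=12+and+sl%65ep%285%29 HTTP/1.1" 200 5120 "-" "curl/7.55"',
    '198.51.100.2 - - [01/Jan/2024:10:01:00 +0000] "GET /booking-page/?space_id=abc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [01/Jan/2024:10:01:05 +0000] "GET /contact/?space_id=1%20AND%20SLEEP(5) HTTP/1.1" 404 310 "-" "Mozilla/5.0"',
]

# Client address, then the quoted request line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SLEEP_RE = re.compile(r"sleep\s*\(", re.IGNORECASE)


def classify_space_id(value):
    """Return None for a numeric id, otherwise a label for the anomaly."""
    if re.fullmatch(r"[0-9]+", value):
        return None  # assumption: valid space_id values are plain integers
    if SLEEP_RE.search(value):
        return "time-based-sqli"
    return "non-numeric"


def scan(lines):
    """Return (client_ip, verdict, decoded_value) for suspicious booking-page GETs."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        url = urlsplit(m.group("target"))
        if "booking-page" not in url.path:
            continue  # only the endpoint named in the advisory is in scope
        # parse_qs percent-decodes once and turns '+' into a space
        for value in parse_qs(url.query, keep_blank_values=True).get("space_id", []):
            verdict = classify_space_id(value)
            if verdict:
                findings.append((m.group("ip"), verdict, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because any non-numeric value is reported, a payload whose encoding hides the SLEEP keyword from the pattern still surfaces as non-numeric.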