WordPress KittyCatfish Plugin SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the KittyCatfish WordPress plugin, version 2.2. It allows unauthenticated attackers to read database contents through a GET parameter that is placed into a SQL query without escaping. Attackers can inject SQL code through the 'kc_ad' parameter of either 'base.css.php' or 'kittycatfish.php'. Exploitation can be carried out using boolean-based blind or time-based blind techniques to extract sensitive database information.

Impact

Exploitation of this vulnerability allows for arbitrary data to be read from the database. Additionally, if the web server is misconfigured, there may be potential to read and write to the filesystem.

Reproduction

The vulnerability can be reproduced by sending a GET request to 'base.css.php' or 'kittycatfish.php' with an injected SQL payload in the 'kc_ad' parameter. This can be done using a tool like sqlmap, which can automate the exploitation process by using the vulnerable parameter to extract database information.
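As an added example (not part of this advisory and not code from the plugin), the following Python script scans web-server access log lines for requests to the two affected files whose 'kc_ad' value is not a plain integer and labels the ones that look like the blind techniques the advisory names. The plugin directory in the constructed sample lines and the assumption that 'kc_ad' is a numeric ad id are assumptions, not facts taken from the advisory.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Files and parameter named in the advisory.
VULN_FILES = ("base.css.php", "kittycatfish.php")
PARAM = "kc_ad"
# Request line of a combined-format access log; client IP and target are all we need.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')
# Crude fingerprints for the two blind techniques the advisory mentions.
TIME_BASED = re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\b", re.I)
BOOL_BASED = re.compile(r"\b(and|or)\b\s*[\w'\"()]+\s*(=|<|>|like)", re.I)

def classify(value):
    """Return None for a benign kc_ad value, otherwise the suspected technique."""
    # Assumption (the advisory does not say): kc_ad is a numeric ad id, so
    # anything else is at least malformed and worth a look.
    if value.isdigit():
        return None
    if TIME_BASED.search(value):
        return "time-based blind"
    if BOOL_BASED.search(value):
        return "boolean-based blind"
    return "malformed kc_ad"

def scan_log(lines):
    """Return (client_ip, path, kc_ad value, verdict) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        url = urlsplit(m.group("target"))
        if not url.path.endswith(VULN_FILES):
            continue  # other endpoints are out of scope for this rule
        for value in parse_qs(url.query).get(PARAM, []):  # parse_qs URL-decodes once
            verdict = classify(value)
            if verdict:
                hits.append((m.group("ip"), url.path, value, verdict))
    return hits

# Constructed sample lines; the plugin directory is assumed, not taken from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jun/2026:14:10:01 +0000] "GET /wp-content/plugins/kittycatfish/base.css.php?kc_ad=12 HTTP/1.1" 200 512',
    '203.0.113.5 - - [09/Jun/2026:14:10:02 +0000] "GET /wp-content/plugins/kittycatfish/base.css.php?kc_ad=12%20AND%20SLEEP(5) HTTP/1.1" 200 512',
    '198.51.100.7 - - [09/Jun/2026:14:10:03 +0000] "GET /wp-content/plugins/kittycatfish/kittycatfish.php?kc_ad=12%20AND%201=1 HTTP/1.1" 200 880',
    '198.51.100.7 - - [09/Jun/2026:14:10:04 +0000] "GET /index.php?kc_ad=12%20AND%201=1 HTTP/1.1" 200 880',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The last sample line is deliberately left unflagged because the rule is scoped to the two affected files; widen VULN_FILES if the same parameter turns up elsewhere in a deployment.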

Added: Jun 9, 2026, 2:10 PM
Updated: Jun 9, 2026, 2:10 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          2.5
  exploitability  8.7
  remediation     0.0
  relevance       9.4
  threat          6.4
  urgency         2.9
  incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.