Dashboard Builder WordPress Plugin Cross-Site Request Forgery Vulnerability Allowing SQL Injection
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Dashboard Builder WordPress plugin, in all versions through 1.5.7. The settings handler in the dashboardbuilder-admin.php file does not validate a nonce, so it cannot distinguish a request submitted from the plugin's own settings form from one submitted by a third-party page. An attacker with no account on the site can therefore prepare a request that changes the SQL query and the database credentials used by the [show-dashboardbuilder] shortcode; if a logged-in administrator is induced to click a link or visit a page that submits that request, the administrator's browser performs the change. The stored query is then executed against the database whenever the shortcode is rendered, and its results appear in the chart output, which is publicly visible. The attacker thus gains arbitrary SQL execution and can read the results back without authenticating.
Impact
Exploitation of this vulnerability leads to SQL injection: the attacker chooses the SQL statement that the plugin executes, and the shortcode's chart output returns the result to anyone who can view the page. Depending on the statement and on the privileges of the database account the plugin connects with, this allows unauthorized reading or modification of database contents. Because the request is issued by the administrator's own browser, the attacker needs no credentials for the site itself, only a single interaction from a logged-in administrator.
Reproduction
To reproduce this vulnerability, an attacker first prepares a forged request to the plugin's settings handler, which is possible because the handler does not validate a nonce. The request carries the same fields the settings form would submit, with the SQL query and database credentials replaced by attacker-chosen values. The attacker then induces a site administrator who is currently logged in to click a link or visit a page that submits this request; the browser attaches the administrator's session cookies, and the plugin stores the new settings. From that point on, every render of the [show-dashboardbuilder] shortcode executes the injected SQL against the database, and the chart on the affected page displays its results. The check that confirms success is therefore the public page carrying the shortcode, whose chart now reflects the attacker's query.
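The root cause described above is a settings handler that writes what it receives without verifying a WordPress nonce. The following is an added illustration, not code from the Dashboard Builder plugin: a minimal WordPress admin-post handler written first in the vulnerable form (no nonce, no capability check) and then in the hardened form that the missing validation calls for. All hook, option and field names (the example_* identifiers) are assumptions made for this example.

```php
<?php
// Added illustration, not code from the Dashboard Builder plugin.
// Sketches a settings handler of the kind the advisory describes, first
// without a nonce check (the CSRF condition) and then hardened.
// All hook, option and field names below (example_*) are assumptions.

// --- Vulnerable pattern: no nonce, no capability check ---------------------
// admin-post.php routes POST action=example_save_settings here. The browser
// attaches the administrator's cookies to a cross-site POST as well, so a
// form on an attacker's page is accepted exactly like the plugin's own form.
function example_save_settings_vulnerable() {
    if ( ! isset( $_POST['example_sql_query'] ) ) {
        return;
    }
    update_option( 'example_db_host', sanitize_text_field( wp_unslash( $_POST['example_db_host'] ) ) );
    update_option( 'example_db_user', sanitize_text_field( wp_unslash( $_POST['example_db_user'] ) ) );
    update_option( 'example_db_pass', wp_unslash( $_POST['example_db_pass'] ) );
    // Stored verbatim and later executed when the shortcode renders: this is
    // the value a forged request replaces with attacker-chosen SQL.
    update_option( 'example_sql_query', wp_unslash( $_POST['example_sql_query'] ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-settings&saved=1' ) );
    exit;
}

// --- Hardened pattern ------------------------------------------------------
// The settings form emits a nonce bound to the action name and the current
// user's session. A third-party page can neither read nor predict it.
function example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <input type="text" name="example_db_host" value="<?php echo esc_attr( get_option( 'example_db_host', '' ) ); ?>">
        <input type="text" name="example_db_user" value="<?php echo esc_attr( get_option( 'example_db_user', '' ) ); ?>">
        <input type="password" name="example_db_pass" value="">
        <textarea name="example_sql_query"><?php echo esc_textarea( get_option( 'example_sql_query', '' ) ); ?></textarea>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function example_save_settings_hardened() {
    // 1. Authorization: only users who may manage options can change the
    //    query or the credentials.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. CSRF defence: verify the nonce for this action. A forged cross-site
    //    request carries no valid example_nonce, and check_admin_referer()
    //    stops processing with wp_die() when verification fails.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // 3. Only a request that passed both checks reaches the writes.
    update_option( 'example_db_host', sanitize_text_field( wp_unslash( $_POST['example_db_host'] ?? '' ) ) );
    update_option( 'example_db_user', sanitize_text_field( wp_unslash( $_POST['example_db_user'] ?? '' ) ) );
    if ( ! empty( $_POST['example_db_pass'] ) ) {
        update_option( 'example_db_pass', wp_unslash( $_POST['example_db_pass'] ) );
    }
    update_option( 'example_sql_query', wp_unslash( $_POST['example_sql_query'] ?? '' ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-settings&saved=1' ) );
    exit;
}
add_action( 'admin_post_example_save_settings', 'example_save_settings_hardened' );
```

The nonce check closes the cross-site channel only. A plugin that, by design, stores an administrator-supplied SQL statement and executes it on every page render still hands SQL execution to anyone who can act as an administrator, so the capability check and the nonce are the minimum, not a complete hardening of that design.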
Remediation
No known patch is available for this vulnerability. Site owners should review the vulnerability details and consider deactivating and uninstalling the affected plugin. Until it is removed, the SQL query and database credentials stored in the plugin's settings should be reviewed for values the administrator did not enter, since a successful attack leaves the injected query in those settings and its output in any page that renders the [show-dashboardbuilder] shortcode.
