CatFolders WordPress Plugin SQL Injection Vulnerability in CSV Import
Vulnerability
A time-based SQL injection vulnerability has been identified in the CatFolders WordPress plugin, affecting all versions up to and including 2.5.2. The issue arises from inadequate escaping of user-supplied data and insufficient use of prepared SQL queries, which allows authenticated attackers with Author-level access or higher to append additional SQL commands to the plugin's queries. Successful exploitation can lead to unauthorized access to sensitive information stored in the database.
Impact
Exploitation of this vulnerability allows time-based (blind) SQL injection: the attacker cannot read query results directly, but can manipulate the query so that the database's response time reveals information, and in this way extract sensitive data from the database one piece at a time.
Reproduction
To reproduce this vulnerability, an authenticated user with Author-level access or higher can upload a CSV file through the WordPress REST API. The 'import_csv' endpoint of the 'ImportController' class can be used for this purpose. The CSV file should be crafted to include SQL injection payloads that exploit the vulnerable SQL query handling in the 'FolderModel' class.
Remediation
Users are advised to update the CatFolders WordPress plugin to version 2.5.3 or later.
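The root cause described above, a CSV cell reaching a database query without escaping or a prepared statement, is easiest to see next to its fixed form. The following is an added illustration written for this page, not code from the CatFolders plugin or its 2.5.3 fix: the table name, function names and the CSV layout (`name,parent`) are hypothetical, while `$wpdb`, `$wpdb->prepare()` and `$wpdb->get_var()` are the standard WordPress database API. The sample CSV is constructed and benign; the apostrophe in one folder name shows why concatenation is wrong even for honest input.

```php
<?php
/**
 * Added example, not CatFolders' own code. It contrasts the query-building
 * pattern the advisory describes (a CSV cell concatenated into SQL) with the
 * prepared-statement form WordPress provides. Table name, function names and
 * the CSV layout are hypothetical; $wpdb is the real WordPress database object.
 */

// Vulnerable shape: the folder name from the CSV row is spliced into the SQL
// string with no escaping and no placeholder, so a quote character in the cell
// changes the structure of the query instead of being compared as data.
function example_find_folder_vulnerable( string $folder_name ): ?int {
	global $wpdb;
	$table = $wpdb->prefix . 'example_folders'; // hypothetical table
	$sql   = "SELECT id FROM {$table} WHERE name = '" . $folder_name . "' LIMIT 1";
	$id    = $wpdb->get_var( $sql );
	return null === $id ? null : (int) $id;
}

// Hardened shape: $wpdb->prepare() binds the value through a %s placeholder,
// so the database always treats it as a string literal, never as SQL syntax.
function example_find_folder_hardened( string $folder_name ): ?int {
	global $wpdb;
	$table = $wpdb->prefix . 'example_folders'; // hypothetical table
	$sql   = $wpdb->prepare(
		"SELECT id FROM {$table} WHERE name = %s LIMIT 1",
		$folder_name
	);
	$id    = $wpdb->get_var( $sql );
	return null === $id ? null : (int) $id;
}

// Import loop for a CSV with a header row "name,parent" (hypothetical layout).
// Each cell is trimmed and length-capped before it reaches the prepared query.
// The capability check is defense in depth: it limits who can reach the import
// at all, but it is not a substitute for the prepared statement.
function example_import_folders_csv( string $csv_contents ): array {
	if ( ! current_user_can( 'manage_options' ) ) {
		return array( 'error' => 'insufficient_capability' );
	}
	$stream = fopen( 'php://memory', 'r+' );
	fwrite( $stream, $csv_contents );
	rewind( $stream );

	$header  = fgetcsv( $stream );
	$results = array();
	while ( ( $row = fgetcsv( $stream ) ) !== false ) {
		if ( false === $header || count( $row ) !== count( $header ) ) {
			continue; // malformed row: skip it rather than guess at its meaning
		}
		$record = array_combine( $header, $row );
		$name   = mb_substr( trim( (string) ( $record['name'] ?? '' ) ), 0, 190 );
		if ( '' === $name ) {
			continue;
		}
		$results[ $name ] = example_find_folder_hardened( $name );
	}
	fclose( $stream );
	return $results;
}

// Constructed sample input (benign), shaped as the import endpoint would receive it.
// "O'Brien Drafts" would break the vulnerable function's query; the hardened one
// compares it as an ordinary string.
$example_csv = "name,parent\nQuarterly Reports,0\nO'Brien Drafts,0\n";
```

Two details matter when applying `$wpdb->prepare()` in a real plugin: placeholders only bind values, not identifiers, so table and column names must come from code (here `$wpdb->prefix`), never from the CSV; and a literal `%` inside the query string must be written as `%%`, with `$wpdb->esc_like()` used before building a `LIKE` pattern from user input.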