.. / CVE-2021-24827

Exploit for WordPress Asgaros Forum <1.15.13 - SQL Injection (CVE-2021-24827)

Description:

WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

Nuclei Template

View the template here CVE-2021-24827.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24827.yaml

References:

https://plugins.trac.wordpress.org/changeset/2611560/asgaros-forum
https://wordpress.org/plugins/asgaros-forum/
https://nvd.nist.gov/vuln/detail/CVE-2021-24827
https://wpscan.com/vulnerability/36cc5151-1d5e-4874-bcec-3b6326235db1
https://github.com/20142995/sectool

.. / CVE-2021-24827 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Asgaros Forum <1.15.13 - SQL Injection (CVE-2021-24827)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-24827