Security for everyone

CVE-2022-0747 Scanner

Detects the SQL Injection vulnerability in Infographic Maker iList, affecting versions earlier than 4.3.8

Short Info

Level: Critical
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4
Parent Category:

CVE-2022-0747 Scanner Detail

Infographic Maker iList is a WordPress plugin developed by QuantumCloud, designed for creating engaging infographics and lists directly within WordPress sites. It caters to bloggers, content creators, and marketers who aim to enhance their content's visual appeal and readability. The plugin offers a wide range of templates and customization options, allowing users to easily design and embed infographics into posts or pages. It's used widely across various industries to present data visually, making information easier to understand and share. The plugin integrates seamlessly with WordPress, making it accessible for users with minimal technical expertise.

The technical flaw lies in how the Infographic Maker iList plugin handles the post_id parameter of the AJAX request for the qcld_upvote_action action. The plugin fails to sanitize this parameter before using it in SQL queries executed against the site's database. As a result, an attacker can inject SQL through the post_id parameter and manipulate those queries, which can lead to unauthorized access to sensitive information, modification of site data, or even a full database takeover. The vulnerability requires no authentication, which makes it particularly severe: any unauthenticated visitor to the site can trigger it.
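As an added illustration (not the plugin's source and not code from this scanner page), the pattern described above in a hypothetical WordPress AJAX handler: the weak form concatenates post_id straight into the query, while the corrected form validates it and binds it with $wpdb->prepare(). The action name example_upvote, the nonce name and the meta key are assumptions.

```php
<?php
// Hypothetical upvote handler, constructed for illustration only.
// Weak pattern: the request parameter is spliced into the SQL string as-is,
// so anything placed in post_id becomes part of the query text.
function example_upvote_weak() {
    global $wpdb;
    $post_id = $_POST['post_id'];
    $wpdb->query("UPDATE {$wpdb->postmeta} SET meta_value = meta_value + 1 "
        . "WHERE post_id = " . $post_id . " AND meta_key = 'example_upvotes'");
    wp_send_json_success();
}

// Corrected pattern: require a nonce, coerce post_id to a non-negative
// integer, confirm the post exists, and bind the value with prepare().
function example_upvote_hardened() {
    check_ajax_referer('example_upvote_nonce', 'nonce');
    global $wpdb;
    $post_id = isset($_POST['post_id']) ? absint($_POST['post_id']) : 0;
    if ($post_id === 0 || get_post($post_id) === null) {
        wp_send_json_error('invalid post_id', 400);
    }
    $wpdb->query($wpdb->prepare(
        "UPDATE {$wpdb->postmeta} SET meta_value = meta_value + 1 "
        . "WHERE post_id = %d AND meta_key = %s",
        $post_id,
        'example_upvotes'
    ));
    wp_send_json_success();
}

// Registering for both logged-in and anonymous callers is what makes the
// unauthenticated exposure described above possible; the hardened handler
// is safe to expose this way, the weak one is not.
add_action('wp_ajax_example_upvote', 'example_upvote_hardened');
add_action('wp_ajax_nopriv_example_upvote', 'example_upvote_hardened');
```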

Exploiting this SQL Injection vulnerability could lead to several adverse effects, including unauthorized access to sensitive data stored in the website's database, such as user credentials, personal information, and proprietary content. It can also enable attackers to insert fraudulent data, delete content, or manipulate existing data, potentially leading to website defacement or the dissemination of misleading information. In the worst-case scenario, attackers could gain administrative access to the WordPress site, allowing them to take complete control over the affected website.

By leveraging the security scanning capabilities of the securityforeveryone platform, users can proactively identify and mitigate vulnerabilities like the SQL Injection in Infographic Maker iList before they are exploited by malicious actors. Membership on our platform provides access to comprehensive vulnerability assessments, including this scanner, helping to safeguard digital assets against emerging threats. Our service enhances cybersecurity posture, minimizes the risk of data breaches, and ensures compliance with industry standards, offering peace of mind and a more secure online presence.
