SQL injection in Multisite WordPress when being already authenticated as network admin

NeosIT / active-directory-integration2

WordPress plug-in "Next Active Directory Integration"

https://https://wordpress.org/plugins/next-active-directory-integration/

GNU General Public License v3.0

54 stars 25 forks source link

SQL injection in Multisite WordPress when being already authenticated as network admin #196

Closed schakko closed 2 months ago

schakko commented 2 months ago

The GET parameter id is not properly quoted when viewing next_ad_int_blog_profile_relationship. The attack is only possible if the following conditions are matched:

WordPress is set up as a Multisite/network
User is already authenticated
User has themanage_network capabilities