nex-forms_SQL-Injection CVE-2023-2114

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2114

https://wpscan.com/vulnerability/3d8ab3a5-1bf8-4216-91fa-e89541e5c43d

Quick Review about the SQL-Injection in the NEX-Forms Plugin for WordPress

Uploaded exploit

Note that this uploaded exploit code isnt for this particular vulnerability... But this is an example how you could make an exploit for this issue.

Vulnerable Versions

From Version 8.3 (Maybe earlier too) till version 8.4

The SQL-Injection itself

The SQL-Injection is placed in the authenticated area from NEX-Forms. When you edit a form and want to safe it, your client sends a post-request to the server with some parameters.

One of those parameters is called 'table' which is vulnerable. There was no sanitizing or filtering.

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
js_sql_enum		js_sql_enum
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

nex-forms_SQL-Injection CVE-2023-2114

Uploaded exploit

Vulnerable Versions

The SQL-Injection itself

Screenshots

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

nex-forms_SQL-Injection CVE-2023-2114

Uploaded exploit

Vulnerable Versions

The SQL-Injection itself

Screenshots

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages