Vulnerability-Lookup

CNVD-2021-99630

Vulnerability from cnvd - Published: 2021-12-11

Title

WordPress Chameleon CSS插件SQL注入漏洞

Description

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress Chameleon CSS plugin在1.2及之前版本存在SQL注入漏洞，该漏洞源于插件在其所有AJAX调用中都没有任何CSRF和功能检查，经过身份验证的攻击者可以调用它们并执行未经授权的操作。

Severity

中

Patch Name

WordPress Chameleon CSS插件SQL注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://wpscan.com/vulnerability/06cb6c14-99b8-45b6-be2e-f4dcca8a4165

Reference

https://codevigilant.com/disclosure/2021/wp-plugin-chameleon-css/

Impacted products

Name
WordPress Chameleon CSS plugin <=1.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-24626",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-24626"
    }
  },
  "description": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002\n\nWordPress Chameleon CSS plugin\u57281.2\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u63d2\u4ef6\u5728\u5176\u6240\u6709AJAX\u8c03\u7528\u4e2d\u90fd\u6ca1\u6709\u4efb\u4f55CSRF\u548c\u529f\u80fd\u68c0\u67e5\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u8c03\u7528\u5b83\u4eec\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://wpscan.com/vulnerability/06cb6c14-99b8-45b6-be2e-f4dcca8a4165",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-99630",
  "openTime": "2021-12-11",
  "patchDescription": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002\r\n\r\nWordPress Chameleon CSS plugin\u57281.2\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u63d2\u4ef6\u5728\u5176\u6240\u6709AJAX\u8c03\u7528\u4e2d\u90fd\u6ca1\u6709\u4efb\u4f55CSRF\u548c\u529f\u80fd\u68c0\u67e5\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u8c03\u7528\u5b83\u4eec\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress Chameleon CSS\u63d2\u4ef6SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress Chameleon CSS plugin \u003c=1.2"
  },
  "referenceLink": "https://codevigilant.com/disclosure/2021/wp-plugin-chameleon-css/",
  "serverity": "\u4e2d",
  "submitTime": "2021-11-10",
  "title": "WordPress Chameleon CSS\u63d2\u4ef6SQL\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2021-24626 (GCVE-0-2021-24626)

Vulnerability from cvelistv5 – Published: 2021-11-08 17:34 – Updated: 2024-08-03 19:35

Title

Chameleon CSS <= 1.2 - Subscriber+ SQL Injection

Summary

The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection

Severity

No CVSS data available.

CWE

CWE-89 - SQL Injection
CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

WPScan

References

2 references

URL	Tags
https://wpscan.com/vulnerability/06cb6c14-99b8-45…	x_refsource_MISC
https://codevigilant.com/disclosure/2021/wp-plugi…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Unknown	Chameleon CSS	Affected: 1.2 , ≤ 1.2 (custom)

Credits

Shreya Pohekar of Codevigilant Project

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:35:20.305Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/06cb6c14-99b8-45b6-be2e-f4dcca8a4165"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://codevigilant.com/disclosure/2021/wp-plugin-chameleon-css/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chameleon CSS",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThanOrEqual": "1.2",
              "status": "affected",
              "version": "1.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Shreya Pohekar of Codevigilant Project"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-08T17:34:49.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/06cb6c14-99b8-45b6-be2e-f4dcca8a4165"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://codevigilant.com/disclosure/2021/wp-plugin-chameleon-css/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Chameleon CSS \u003c= 1.2 - Subscriber+ SQL Injection",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24626",
          "STATE": "PUBLIC",
          "TITLE": "Chameleon CSS \u003c= 1.2 - Subscriber+ SQL Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chameleon CSS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.2",
                            "version_value": "1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Shreya Pohekar of Codevigilant Project"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/06cb6c14-99b8-45b6-be2e-f4dcca8a4165",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/06cb6c14-99b8-45b6-be2e-f4dcca8a4165"
            },
            {
              "name": "https://codevigilant.com/disclosure/2021/wp-plugin-chameleon-css/",
              "refsource": "MISC",
              "url": "https://codevigilant.com/disclosure/2021/wp-plugin-chameleon-css/"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24626",
    "datePublished": "2021-11-08T17:34:49.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:35:20.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-99630

CVE-2021-24626 (GCVE-0-2021-24626)

Tags

Sightings

Nomenclature