CVE-2021-24221 (GCVE-0-2021-24221)

Vulnerability from cvelistv5 – Published: 2021-04-12 14:03 – Updated: 2024-08-03 19:21
VLAI
Title
Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode
Summary
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, such user could gain unauthorised access to the DBMS. If the shortcode (without the id attribute) is embed on a public page or post, then unauthenticated users could exploit the injection.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Credits
Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:19.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2479603/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.1.12",
              "status": "affected",
              "version": "7.1.12",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, such user could gain unauthorised access to the DBMS. If the shortcode (without the id attribute) is embed on a public page or post, then unauthenticated users could exploit the injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T14:03:25.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://plugins.trac.wordpress.org/changeset/2479603/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Quiz And Survey Master \u003c 7.1.12 - Authenticated SQL injection via shortcode",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24221",
          "STATE": "PUBLIC",
          "TITLE": "Quiz And Survey Master \u003c 7.1.12 - Authenticated SQL injection via shortcode"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.1.12",
                            "version_value": "7.1.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, such user could gain unauthorised access to the DBMS. If the shortcode (without the id attribute) is embed on a public page or post, then unauthenticated users could exploit the injection."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab"
            },
            {
              "name": "https://plugins.trac.wordpress.org/changeset/2479603/",
              "refsource": "MISC",
              "url": "https://plugins.trac.wordpress.org/changeset/2479603/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24221",
    "datePublished": "2021-04-12T14:03:25.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:21:19.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-24221",
      "date": "2026-05-30",
      "epss": "0.02566",
      "percentile": "0.8578"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-24221\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2021-04-12T14:15:15.570\",\"lastModified\":\"2024-11-21T05:52:37.560\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, such user could gain unauthorised access to the DBMS. If the shortcode (without the id attribute) is embed on a public page or post, then unauthenticated users could exploit the injection.\"},{\"lang\":\"es\",\"value\":\"El plugin Quiz And Survey Master \u00e2\u20ac\u201c Best Quiz, Exam and Survey Plugin for WordPress versiones anteriores a 7.1.12, no saneaba el par\u00e1metro GET result_id en las p\u00e1ginas con el shortcode [qsm_result] sin el atributo id, concatenando en una declaraci\u00f3n SQL y conllevando a una inyecci\u00f3n SQL.\u0026#xa0;El rol m\u00e1s bajo permitido para usar este shortcode en publicaciones o p\u00e1ginas siendo autor, tal usuario podr\u00eda conseguir acceso no autorizado al DBMS.\u0026#xa0;Si el c\u00f3digo abreviado (sin el atributo id) est\u00e1 insertado en una p\u00e1gina o publicaci\u00f3n p\u00fablica, los usuarios no autenticados podr\u00edan explotar la inyecci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"contact@wpscan.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"7.1.12\",\"matchCriteriaId\":\"642A35DC-1C04-428E-B52C-A561CF6216C4\"}]}]}],\"references\":[{\"url\":\"https://plugins.trac.wordpress.org/changeset/2479603/\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://plugins.trac.wordpress.org/changeset/2479603/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.