Exploit
CVE-2024-9022

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

Published: Oct 10, 2024 / Updated: 41d ago

CVSS 7.2 / EPSS 0.08% / High

Summary

The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.3.9. This vulnerability is due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.
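The flaw class described above comes from a sort column taken from request input, and a column name in ORDER BY cannot be passed as a bound placeholder, so the standard defense is to map the request value onto a fixed allowlist. The following is an added illustration in Python with sqlite3, not the plugin's own code (which is PHP); the table, column and function names are constructed for the example.

```python
import sqlite3

# Hypothetical allowlist for a poll listing screen (constructed names).
SORTABLE = {"id": "id", "title": "title", "created": "created_at"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def order_clause(orderby, order):
    """Map untrusted request values to fixed SQL fragments, else use defaults."""
    column = SORTABLE.get(str(orderby).strip().lower(), "id")
    direction = DIRECTIONS.get(str(order).strip().lower(), "ASC")
    return f"ORDER BY {column} {direction}"


def list_polls(conn, search, orderby, order):
    # Data values go through placeholders; the ORDER BY identifier cannot be
    # bound, so it only ever comes from the allowlist above.
    sql = ("SELECT id, title FROM polls WHERE title LIKE ? "
           + order_clause(orderby, order))
    return conn.execute(sql, (f"%{search}%",)).fetchall()


def demo_db():
    """Constructed in-memory sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE polls (id INTEGER PRIMARY KEY, title TEXT, created_at TEXT)"
    )
    conn.executemany(
        "INSERT INTO polls (title, created_at) VALUES (?, ?)",
        [("Lunch poll", "2024-10-01"),
         ("Budget poll", "2024-10-03"),
         ("Annual poll", "2024-10-02")],
    )
    return conn


if __name__ == "__main__":
    conn = demo_db()
    print(list_polls(conn, "poll", "created", "desc"))
    # Constructed value outside the allowlist: the default sort is applied.
    print(list_polls(conn, "poll", "title, (SELECT 1)", "asc"))
```
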

Impact

This vulnerability allows authenticated attackers with Administrator-level access and above to append additional SQL queries to existing queries. This can be exploited to extract sensitive information from the database, potentially leading to unauthorized access to or modification of critical data. The impact is severe as it affects the confidentiality, integrity, and availability of the system, all rated as HIGH according to the CVSS score.

Exploitation

Multiple proof-of-concept exploits are available on github.com and packetstormsecurity.com. There is no evidence of exploitation at the moment.

Patch

A patch is available. The vulnerability has been addressed in version 2.4.1 of the TS Poll plugin for WordPress. Users should upgrade to this version or later to mitigate the risk.

Mitigation

1. Immediately update the TS Poll plugin to version 2.4.1 or later.
2. Implement the principle of least privilege, limiting administrator access only to trusted users.
3. Regularly audit user accounts with elevated privileges.
4. Implement additional security layers such as Web Application Firewalls (WAF) to help detect and prevent SQL injection attempts.
5. Regularly monitor database logs for any suspicious activities or unauthorized queries.
6. If immediate patching is not possible, consider temporarily disabling the TS Poll plugin until it can be updated.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article
Feedly found the first article mentioning CVE-2024-9022.
Oct 10, 2024 at 2:44 AM / Vulners.com RSS Feed

CVSS Estimate
Feedly estimated the CVSS score as HIGH
Oct 10, 2024 at 2:44 AM

CVE Assignment
NVD published the first details for CVE-2024-9022
Oct 10, 2024 at 3:15 AM

CVSS
A CVSS base score of 7.2 has been assigned.
Oct 10, 2024 at 3:15 AM / nvd

EPSS
EPSS Score was set to: 0.08% (Percentile: 35.5%)
Oct 10, 2024 at 10:30 AM

Proof of Concept (PoC) Released
A proof of concept exploit has been released
Oct 15, 2024 at 5:12 PM

Affected Systems

Total-soft/ts_poll

Exploits

https://github.com/capture0x/Poll-Plugin-SQL-Injection-

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

News

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 7, 2024 to October 13, 2024)
WordPress Plugins with Reported Vulnerabilities Last Week The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
CVE-2024-9022 Exploit
CVE Id : CVE-2024-9022 Published Date: 2024-10-15T14:34:00+00:00 The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. inTheWild added a link to an exploit: https://packetstormsecurity.com/files/179414/WordPress-Poll-2.3.6-SQL-Injection.html
Update Thu Oct 10 14:37:03 UTC 2024
CVE-2024-9022
Severity 3.1 (CVSS 3.1 Base Score) Severity 3.1 Txt Severity 3.1 (CVSS 3.1 Base Score)
High - CVE-2024-9022 - The TS Poll – Survey, Versus Poll, Image Poll,...
The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.9 due to...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
