WordPress Plugin Pie Register < 3.0.9 - Blind SQL Injection
- Date Published: 2018-06-12
- Last Updated: 2018-06-13
- Version Affected: WordPress Plugin Pie Register < 3.0.9
- CVE: CVE-2018-10969
WordPress is a blogging platform written in PHP that has gradually evolved into a content management system. It uses a MySQL database, and users can set up their own websites on servers that support PHP and MySQL.
WordPress Plugin Pie Register can create customized user registration forms and verify and moderate registrations, and it supports invitation codes, membership payments, two-step verification, social login, email marketing, conditional logic and many more features. There is a Blind SQL Injection vulnerability in the page /pie-register/classes/invitation_code_pagination.php. The page filters all of its inputs for SQL injection, but the parameter "order" can still be used to inject SQL code.
1. At present, the vendor has not provided a patch or an upgrade procedure. We recommend that users of this software keep an eye on the vendor's homepage to obtain the latest version: https://pieregister.com/
2. Customers who buy the next-generation firewall of Sangfor can turn on the WAF defense module to easily defend against such vulnerabilities.
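Why input filtering does not protect a sort parameter, and the allowlist that does, as an added example (not Pie Register's code and not from the original advisory). The function names, the "orderby" parameter and the column names are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical names, not Pie Register's code.

// Assumed set of sortable columns for an invitation-code listing.
const SORTABLE_COLUMNS = ['id', 'name', 'created'];

// Weak pattern: quote escaping only protects text placed inside a '...'
// literal. A sort direction is a bare SQL token, so the escaped input is
// still parsed as SQL syntax.
function order_clause_weak(array $request): string
{
    $order = addslashes((string) ($request['order'] ?? 'ASC'));
    return "ORDER BY `id` $order";
}

// Hardened pattern: nothing from the request is copied into the SQL text;
// the input only selects between fixed, known-good tokens.
function order_clause_safe(array $request): string
{
    $orderby = $request['orderby'] ?? 'id';
    if (!is_string($orderby) || !in_array($orderby, SORTABLE_COLUMNS, true)) {
        $orderby = 'id';
    }
    $order = $request['order'] ?? 'ASC';
    $order = (is_string($order) && strtoupper($order) === 'DESC') ? 'DESC' : 'ASC';
    return "ORDER BY `$orderby` $order";
}

// Constructed sample requests (not captured traffic).
$samples = [
    ['orderby' => 'name', 'order' => 'desc'],
    ['orderby' => 'name', 'order' => 'ASC, extra_sort_term'],
    ['orderby' => 'no_such_column', 'order' => 'sideways'],
];
foreach ($samples as $request) {
    printf("weak: %s\nsafe: %s\n\n",
        order_clause_weak($request), order_clause_safe($request));
}
```

In the second sample the weak clause carries the extra text into the query unchanged, while the safe clause falls back to ASC. The same allowlist is needed alongside prepared statements, because value placeholders cannot stand in for a sort keyword.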