phpwordpresswp-admin
Possible Blind SQL Injection Fault found in wp-ajax.php
Need a suggestion/help for how to apply a workaround to the issue SQL injection found in my WordPress site. I was googling but still couldn't find a proper solution for the same problem.
Vulnerable URL: /wp-admin/admin-ajax.php?action=search1&searchval=--9999
Ideally it should not return any result but I'm getting following responds.
WP Version: version 5.0.3
Server: Windows Server 2012 R2 / IIS8
Solution
thanks for your comments. I was able to solve it by adding an integer value validation.
- Sendgrid can't receive emails in application
- How do I populate a dropdown options from an ajax response
- How to output geoJSON file from mysql spatial table?
- Array value sum by key value php
- Sum the values of a column in a 2d array
- Group values in an array of single-element arrays by second level key and sum values within each group
- SQL - How to SUM and use WHERE clause on this SUM using 4 tables?
- Merge a flat associative array into another associative array
- How to Migrate and seed before the full test suite in Laravel with in memory database?
- How to get/read the cleanest url into Meta Canonical via PHP?
- Generated image with text always off-center
- Composer Curl error 60: SSL certificate problem: unable to get local issuer certificate
- Ignore html tags in preg_replace
- Rector how to work with IntersectionType?
- How to merge two associative multidimensional arrays
- Merge two multidimensional arrays related by shared subarray column values
- Replace an array's values with the values from a lookup array
- Print grouped data as a single array
- Merge and sum data from two associative multidimensional arrays
- How to access a global variable from within a class constructor
- Why does !func() <= 30 always evaluate as true?
- Excessively long text breaks preg_replace()
- PHP isset() with multiple parameters
- Can strings have a dangling concatenation operator?
- How to check if there are multiple versions of PHP installed on Ubuntu 12.04 LTS?
- php convert datetime to UTC
- Regex used in preg_match() is not finding the expected URLs
- PHP script runs fine locally but in production gives Error 324
- Wordpress TinyMCE plugin install failed
- Receiving data from word press