CVE-2024-4295 Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash
Call Stack
ES_DB_Lists_Contacts->edit_subscriber_status (\email-subscribers\lite\includes\db\class-es-db-lists-contacts.php:616)
Email_Subscribers_Public->es_email_subscribe_init (\email-subscribers\lite\public\class-email-subscribers-public.php:178)
WP_Hook->apply_filters (\var\www\html\wp-includes\class-wp-hook.php:324)
WP_Hook->do_action (\var\www\html\wp-includes\class-wp-hook.php:348)
do_action (\var\www\html\wp-includes\plugin.php:517)
require_once (\var\www\html\wp-settings.php:695)
require_once (\var\www\html\wp-config.php:133)
require_once (\var\www\html\wp-load.php:50)
require (\var\www\html\wp-blog-header.php:13)
{main} (\var\www\html\index.php:17)
File: email-subscribers/lite/public/class-email-subscribers-public.php
File: email-subscribers/lite/includes/db/class-es-db-lists-contacts.php
Poc:
-
Email Subscribe
-
Check mail
- Found link format: /?es=optin&hash={{encode base64}}
Example link:
http://192.168.110.184:8080/?es=optin&hash=eyJtZXNzYWdlX2lkIjowLCJjYW1wYWlnbl9pZCI6MCwiY29udGFjdF9pZCI6IjMiLCJlbWFpbCI6Imt1cDU4MjQzQGlsZWJpLmNvbSIsImd1aWQiOiJiYXNvd3otZnpjYWRqLXN6ZmxycS1qY2ViYWYtdXpxYm12IiwibGlzdF9pZHMiOlsiMiJdLCJhY3Rpb24iOiJzdWJzY3JpYmUifQ==
Example hash:
eyJtZXNzYWdlX2lkIjowLCJjYW1wYWlnbl9pZCI6MCwiY29udGFjdF9pZCI6IjMiLCJlbWFpbCI6Imt1cDU4MjQzQGlsZWJpLmNvbSIsImd1aWQiOiJiYXNvd3otZnpjYWRqLXN6ZmxycS1qY2ViYWYtdXpxYm12IiwibGlzdF9pZHMiOlsiMiJdLCJhY3Rpb24iOiJzdWJzY3JpYmUifQ==
Decode base64 value from parameter hash:
