CVE-2023-5336: Changeset 2980553 for ipanorama-360-virtual-tour-builder-lite – WordPress Plugin Repository
The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation of the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database.
Timestamp:
10/18/2023 09:16:44 AM
Author:
avirtum
Message:
v.1.8.1
Location:
ipanorama-360-virtual-tour-builder-lite/trunk
Files:
- includes/activator.php (2 diffs)
- includes/plugin.php (1 diff)
- ipanorama.php (2 diffs)
- readme.txt (2 diffs)
ipanorama-360-virtual-tour-builder-lite/trunk/includes/activator.php
r2923875
r2980553
20
20
author bigint(20) UNSIGNED NOT NULL DEFAULT 0,
21
21
editor bigint(20) UNSIGNED NOT NULL DEFAULT 0,
22
deleted tinyint NOT NULL DEFAULT 0,
22
23
created datetime NULL,
23
24
modified datetime NULL,
…
…
56
57
$sql = "ALTER TABLE {$table} MODIFY slug varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4\_unicode\_ci";
57
58
$wpdb->query($sql);
58
59
// Add the new column "deleted"
60
$sql = "ALTER TABLE {$table} ADD deleted tinyint NOT NULL DEFAULT 0";
61
$wpdb->query($sql);
62
59
}
63
60
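Review bot: the new `ALTER TABLE {$table} ADD deleted tinyint NOT NULL DEFAULT 0` runs unconditionally in the visible lines, yet the CREATE TABLE in the previous hunk now also declares `deleted`, so on an install whose table was created by the new code (or where this upgrade routine runs a second time) MySQL rejects the statement with a duplicate-column error. Guard it with a column check such as `$wpdb->get_var($wpdb->prepare("SHOW COLUMNS FROM {$table} LIKE %s", 'deleted'))` before running the ALTER, or route the schema through dbDelta(), and check the return value of `$wpdb->query($sql)` instead of discarding it (the same applies to the unchecked MODIFY just above).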
ipanorama-360-virtual-tour-builder-lite/trunk/includes/plugin.php
r2955874
r2980553
436
436
$table = $wpdb->prefix . IPANORAMA\_PLUGIN\_NAME;
437
437
$upload\_dir = wp\_upload\_dir();
438
439
$sql = ($id ? sprintf('SELECT \* FROM %1$s WHERE id=%2$d AND NOT deleted', $table, $id) : sprintf('SELECT \* FROM %1$s WHERE slug="%2$s" AND NOT deleted LIMIT 0, 1', $table, $slug));
440
$item = $wpdb->get\_row($sql, OBJECT);
438
439
$sql = ($id ? $wpdb->prepare("SELECT \* FROM {$table} WHERE id=%d AND NOT deleted", $id) : $wpdb->prepare("SELECT \* FROM {$table} WHERE slug=%s AND NOT deleted LIMIT 0, 1", $slug));
440
$item = $wpdb->get\_row($sql, OBJECT);
441
441
$mode = sanitize\_key(filter\_input(INPUT\_GET, 'mode', FILTER\_DEFAULT));
442
442
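Review bot: this is the right fix for the slug branch: the old `sprintf('... slug="%2$s" ...', $table, $slug)` placed the user-controlled slug into the query with no escaping at all, which is the injection CVE-2023-5336 describes, while the `%2$d` in the id branch already coerced its argument to an integer. With `$wpdb->prepare()` the `%s` placeholder is escaped and single-quoted by WordPress, so dropping the hand-written double quotes is correct (keeping them would have yielded `slug="'value'"` and broken the lookup). Interpolating `{$table}` into the prepared string is acceptable only because it is built from `$wpdb->prefix . IPANORAMA_PLUGIN_NAME` two lines above and never from request data; a one-line comment saying so would stop a later edit from passing a variable table name the same way.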
ipanorama-360-virtual-tour-builder-lite/trunk/ipanorama.php
r2966033
r2980553
4
4
\* Plugin URI: https://1.envato.market/getipanorama360
5
5
\* Description: iPanorama 360 is the WordPress plugin out there that lets you create excellent virtual tours for clients from directly inside the WordPress admin in seconds. The plugin supports markers for providing information about any part of the scene or for navigation to other rooms/areas. With powerful tooltip system, you can enrich a view with text, images, video, and other online media resources. Use this plugin to create interactive virtual tours, maps, presentations.
6
\* Version: 1.8.0
6
\* Version: 1.8.1
7
7
\* Requires at least: 4.6
8
8
\* Requires PHP: 7.0
…
…
16
16
17
17
define('IPANORAMA\_PLUGIN\_NAME', 'ipanorama');
18
define('IPANORAMA\_PLUGIN\_VERSION', '1.8.0');
18
define('IPANORAMA\_PLUGIN\_VERSION', '1.8.1');
19
19
define('IPANORAMA\_DB\_VERSION', '1.1.0');
20
20
define('IPANORAMA\_SHORTCODE\_NAME', 'ipano');
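Review bot: IPANORAMA_PLUGIN_VERSION is bumped to 1.8.1 but IPANORAMA_DB_VERSION is left at '1.1.0' in this hunk, even though the same changeset adds a `deleted` column in activator.php. If the activator's upgrade path is keyed on the DB version constant, existing installs will never pick up the new column and the fixed query (`AND NOT deleted`) will fail on an unknown column; either bump the DB version here (e.g. to 1.2.0) or confirm that the ALTER runs on every activation regardless of version.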
ipanorama-360-virtual-tour-builder-lite/trunk/readme.txt
r2966033
r2980553
3
3
Tags: virtual tour, real estate tour, panorama, panorama viewer, virtual tour, 360 panorama, interactive tour
4
4
Requires at least: 4.0
5
Tested up to: 6.3.1
5
Tested up to: 6.3.2
6
6
Requires PHP: 7.0
7
Stable tag: 1.8.0
7
Stable tag: 1.8.1
8
8
License: GPLv3
9
9
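Review bot: `Requires at least: 4.0` is left unchanged in this hunk while the plugin header in ipanorama.php says `Requires at least: 4.6`; the two values should agree, so align the readme to 4.6 in this same release rather than only bumping `Tested up to` and `Stable tag`.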
…
…
140
140
\== Changelog ==
141
141
142
\= 1.8.1 =
143
\* Fix: feedback form
144
\* Fix: SQL injection via shortcode
145
142
146
\= 1.8.0 =
143
147
\* Fix: SQL injection vulnerability (list-table-items.php)
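Review bot: the 1.8.1 entry `Fix: SQL injection via shortcode` would serve site owners better if it named the affected code the way the 1.8.0 entry does (`list-table-items.php`), e.g. `Fix: SQL injection via shortcode slug lookup (includes/plugin.php)`; the changelog should also mention the new `deleted` column, since this release changes the database schema on upgrade.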