SQL Injection

  • Resolved gilibaus

    (@gilibaus)


    8 months, 1 week ago

    I have a WordPress (v. 6.5.5) installation with complianz-GDPR plugin version 7.1.0 (free). Just after installing and activating the plugin, debug.log on the hosting server reported this error:

    [24-Jun-2024 02:53:21 UTC] WordPress database error Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8mb4_unicode_520_ci,COERCIBLE) for operation ‘like’ for query SELECT SQL_CALC_FOUND_ROWS wp_posts.ID
    FROM wp_posts
    WHERE 1=1 AND (((wp_posts.post_title LIKE ‘%真実的1z0-1119-1|信頼的な1z0-1119-1 無料ダウンロード試験|試験の準備方法Oracle Cloud Infrastructure for Sunbird Ed Specialty – Rel 1 難易度 ?? URL ? https://www.goshiken.com ?をコピーして開き、【 1z0-1119-1 】を検索して無料でダウンロードしてください1z0-1119-1受験資料更新版%’) OR (wp_posts.post_excerpt LIKE ‘%真実的1z0-1119-1|信頼的な1z0-1119-1 無料ダウンロード試験|試験の準備方法Oracle Cloud Infrastructure for Sunbird Ed Specialty – Rel 1 難易度 ?? URL ? https://www.goshiken.com ?をコピーして開き、【 1z0-1119-1 】を検索して無料でダウンロードしてください1z0-1119-1受験資料更新版%’) OR (wp_posts.post_content LIKE ‘%真実的1z0-1119-1|信頼的な1z0-1119-1 無料ダウンロード試験|試験の準備方法Oracle Cloud Infrastructure for Sunbird Ed Specialty – Rel 1 難易度 ?? URL ? https://www.goshiken.com ?をコピーして開き、【 1z0-1119-1 】を検索して無料でダウンロードしてください1z0-1119-1受験資料更新版%’))) AND (wp_posts.post_password = ”) AND ((wp_posts.post_type = ‘post’ AND (wp_posts.post_status = ‘publish’ OR wp_posts.post_status = ‘acf-disabled’)) OR (wp_posts.post_type = ‘page’ AND (wp_posts.post_status = ‘publish’ OR wp_posts.post_status = ‘acf-disabled’)) OR (wp_posts.post_type = ‘attachment’ AND (wp_posts.post_status = ‘publish’ OR wp_posts.post_status = ‘acf-disabled’)) OR (wp_posts.post_type = ‘e-landing-page’ AND (wp_posts.post_status = ‘publish’ OR wp_posts.post_status = ‘acf-disabled’)))
    ORDER BY (CASE WHEN wp_posts.post_title LIKE ‘%真実的1z0-1119-1|信頼的な1z0-1119-1 無料ダウンロード試験|試験の準備方法Oracle Cloud Infrastructure for Sunbird Ed Specialty – Rel 1 難易度 ?? URL ? https://www.goshiken.com ?をコピーして開き、【 1z0-1119-1 】を検索して無料でダウンロードしてください1z0-1119-1受験資料更新版%’ THEN 2 ELSE 6 END), wp_posts.post_date DESC
    LIMIT 0, 10 made by require(‘wp-blog-header.php’), wp, WP->main, WP->query_posts, WP_Query->query, WP_Query->get_posts

    It appears the database has been infected with possibly malicious contents. As a note, my website has nothing to do with China or chinese language.

    Are you aware of any SQL injection vulnerabilities caused by complianz-GDPR plugin? In case, how can I fix the issue?

    Thanks.

    Cheers

Viewing 1 replies (of 1 total)
  • Plugin Support daniub

    (@daniub)

    Hi,

    Thank you for reaching out with your concerns regarding the security of the Complianz-GDPR plugin, specifically about potential SQL injection vulnerabilities.

    We confirm that there are no known SQL injection vulnerabilities present in the Complianz-GDPR plugin at this moment. Our development and security teams are dedicated to maintaining the highest standards of security and regularly update the plugin to address any potential issues that may arise.

    If you have any further questions or need additional information, please do not hesitate to contact us. We are always here to assist you and ensure your experience with our products is safe and secure.

Viewing 1 replies (of 1 total)
  • The topic ‘SQL Injection’ is closed to new replies.