The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the `sort` parameter in the payments listing endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied `sort` parameter and lack of sufficient preparation on the existing SQL query in `PaymentRepository.php`, where the sort field is interpolated directly into an ORDER BY clause without sanitization or whitelist validation. PDO prepared statements do not protect ORDER BY column names. GET requests also skip Amelia's nonce validation entirely. This makes it possible for authenticated attackers, with Manager-level (`wpamelia-manager`) access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via time-based blind SQL injection.
The Amelia WordPress plugin for booking appointments is vulnerable to SQL Injection through the sort parameter in payments listing, allowing authenticated managers to extract database information. Attackers can exploit insufficient input validation in the ORDER BY clause to perform time-based blind SQL injection attacks.
An SQL injection vulnerability in the Amelia booking and calendar plugin for WordPress affects all versions up to and including 2.1.2. Authenticated attackers with Manager-level access can exploit insufficient validation of the sort parameter in the payments listing endpoint to extract sensitive information from the database.
Update the Amelia plugin to version 2.1.3 or later immediately. Implement input validation and whitelist allowed sort columns. Use parameterized queries or prepared statements for all database operations. Apply the principle of least privilege to WordPress user roles. Monitor database logs for suspicious SQL patterns.
Update the Amelia plugin to version 2.1.3 or later immediately. Implement input validation and create a whitelist of allowed sort columns. Use parameterized queries or prepared statements for all database operations. Apply the principle of least privilege to WordPress user roles. Monitor database logs for suspicious patterns.
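The whitelist fix recommended above, as an added example rather than Amelia's own code: because PDO placeholders bind values but not identifiers, the ORDER BY column and direction are matched against a fixed list before any string is built. The column names, the `-` prefix convention for descending order and the `payments` table name are assumptions for illustration.

```php
<?php
// Added example (not from the Amelia plugin): validate a user-supplied "sort"
// value against a whitelist before it reaches an ORDER BY clause. Prepared
// statements cannot bind column names, so the identifier must be checked here.

// Assumed set of sortable columns for a payments listing.
const ALLOWED_SORT_COLUMNS = ['id', 'dateTime', 'amount', 'status'];

/**
 * Turn a request value such as "amount" or "-dateTime" (assumed convention:
 * leading "-" means descending) into a safe ORDER BY fragment.
 * Returns null when the column is not whitelisted so the caller uses a default.
 */
function buildOrderBy(string $sort): ?string
{
    $direction = 'ASC';
    if ($sort !== '' && $sort[0] === '-') {
        $direction = 'DESC';
        $sort = substr($sort, 1);
    }
    // Strict exact match: nothing from the request is ever interpolated directly.
    if (!in_array($sort, ALLOWED_SORT_COLUMNS, true)) {
        return null;
    }
    return "ORDER BY `$sort` $direction";
}

/**
 * Build the listing query. The WHERE value stays a bound placeholder; the
 * ORDER BY fragment comes only from the whitelist above.
 */
function buildPaymentsQuery(?string $sort): string
{
    $orderBy = buildOrderBy($sort ?? '') ?? 'ORDER BY `id` DESC';
    return "SELECT id, amount, status FROM payments WHERE status = :status $orderBy";
}

// Usage (PDO connection and request handling are placeholders):
// $sql  = buildPaymentsQuery($_GET['sort'] ?? null);
// $stmt = $pdo->prepare($sql);
// $stmt->execute([':status' => 'completed']);
```

A value like `amount); SELECT SLEEP(5)` fails the `in_array` check and the query silently falls back to the default ordering, which is the behaviour to confirm when testing the patched version.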