CVE-2024-38793-PoC Proof of Concept code for exploitation of CVE-2024-38793 (Best Restaurant Menu by PriceListo <= 1.4.1 – Authenticated (Contributor+) SQL Injection).
This is a proof of concept exploit for the vulnerability CVE-2024-38793, an SQL injection vulnerability for versions of the WordPress plugin Best Restaurant Menu a.k.a Great Restaurant Menu WP before 1.4.2.
The vulnerability occurs because of a lack on input sanitization on the groups argument when using the brm_restaurant_menu shortcode.
Note: This does require the credentials of a user with at least Contributor level privileges.
The code will attempt to grab the username and password hashes from the WordPress users table.
What do you think?
It is nice to know your opinion. Leave a comment.