{"id":2915,"date":"2024-02-16T19:45:08","date_gmt":"2024-02-16T19:45:08","guid":{"rendered":"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/"},"modified":"2024-02-16T19:45:08","modified_gmt":"2024-02-16T19:45:08","slug":"piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/","title":{"rendered":"Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 – Unauthenticated SQL Injection"},"content":{"rendered":"
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based SQL injection via the ‘MerchantReference’ parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.<\/div>\n

<\/p>\n

The SQL injection vulnerability in the Piraeus Bank WooCommerce Payment Gateway plugin can be exploited using time-based blind injection techniques. Attackers can send a malicious request with a crafted string in the ‘MerchantReference’ parameter, which is concatenated into the existing SQL query. By carefully manipulating the string, attackers can extract sensitive information from the database, such as usernames, passwords or financial data.<\/div>\n
To prevent exploitation of this vulnerability, users are advised to update to the latest version of the Piraeus Bank WooCommerce Payment Gateway plugin as soon as it is available. In addition, it is essential to follow good security practices, such as keeping all plugins and themes up to date, using strong and unique passwords, making regular backups of the website and constantly monitoring for any suspicious or unusual activity.<\/div>\n","protected":false},"excerpt":{"rendered":"

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based SQL injection via the ‘MerchantReference’ parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the query […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[628],"class_list":["post-2915","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-0610"],"yoast_head":"\nPiraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Inyecci\u00f3n SQL no autenticada - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Inyecci\u00f3n SQL no autenticada - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El complemento del Piraeus Bank WooCommerce Payment Gateway para WordPress es vulnerable a una inyecci\u00f3n SQL basada en el tiempo a trav\u00e9s del par\u00e1metro ‘MerchantReference’ en todas las versiones hasta, e incluyendo, la 1.6.5.1 debido a un escapado insuficiente en el par\u00e1metro proporcionado por el usuario y la falta de preparaci\u00f3n suficiente en la consulta […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/\" \/>\n<meta property=\"og:site_name\"
content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-16T19:45:08+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/\",\"url\":\"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/\",\"name\":\"Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Inyecci\u00f3n SQL no autenticada - SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-02-16T19:45:08+00:00\",\"dateModified\":\"2024-02-16T19:45:08+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 – Inyecci\u00f3n SQL no autenticada\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades 
WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Inyecci\u00f3n SQL no autenticada - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/","og_locale":"en_US","og_type":"article","og_title":"Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Inyecci\u00f3n SQL no autenticada - SeguridadWordPress.es","og_description":"El complemento del Piraeus Bank WooCommerce Payment Gateway para WordPress es vulnerable a una inyecci\u00f3n SQL basada en el tiempo a trav\u00e9s del par\u00e1metro ‘MerchantReference’ en todas las versiones hasta, e incluyendo, la 1.6.5.1 debido a un escapado insuficiente en el par\u00e1metro proporcionado por el usuario y la falta de preparaci\u00f3n suficiente en la consulta […]","og_url":"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-02-16T19:45:08+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/","url":"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/","name":"Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Inyecci\u00f3n SQL no autenticada - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-02-16T19:45:08+00:00","dateModified":"2024-02-16T19:45:08+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/piraeus-bank-woocommerce-payment-gateway-1-6-5-1-inyeccion-sql-no-autenticada\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 – Inyecci\u00f3n SQL no autenticada"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2915"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=2915"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/2915\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=2915"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=2915"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=2915"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}