Barcode Scanner with Inventory & Order Manager <= 1.5.4 – Authenticated SQL Injection (Subscriber+)

SeguridadWordPress.es, published 2024-04-30. Tag: CVE-2024-2661.
The Barcode Scanner and Inventory Manager plugin for WordPress is vulnerable to blind SQL injection via the 'currentIds' parameter in all versions up to and including 1.5.4, due to insufficient escaping of the user-supplied parameter and the lack of sufficient preparation on the existing SQL query. This allows authenticated attackers with Subscriber-level access or higher to append additional SQL to the existing query and use it to extract sensitive information from the database. "Blind" means the query output is not returned to the attacker directly: data is inferred one bit at a time from differences in the response (a true/false branch or an induced time delay), which is slower than a classic injection but just as effective against table contents such as user hashes.
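The root cause described above, a request parameter landing in the SQL text instead of being bound through $wpdb->prepare(), is illustrated below with an added example. This is not the plugin's code and not taken from the advisory: the handler names, the example_products table, the nonce action and the capability name are assumptions for illustration; only the parameter name 'currentIds' comes from the advisory. The vulnerable variant shows the typical way an ID-list parameter becomes injectable, and the hardened variant goes a little beyond the fix itself by also adding the capability and nonce checks that address the Subscriber+ precondition.

```php
<?php
// Added example, not the plugin's own code. Handler names, the table name,
// the nonce action and the capability are assumptions for illustration;
// only the request parameter 'currentIds' is taken from the advisory.

// Vulnerable pattern: the raw 'currentIds' string is concatenated into an
// unquoted IN (...) list. Any logged-in user who can reach this handler can
// send currentIds=1) OR SLEEP(5)# and read the answer from the response time
// (time-based blind injection). esc_sql() would not help here because the
// payload needs no quote character.
function example_vulnerable_get_products() {
    global $wpdb;
    $current_ids = isset( $_POST['currentIds'] ) ? wp_unslash( $_POST['currentIds'] ) : '';
    $sql = "SELECT id, name FROM {$wpdb->prefix}example_products WHERE id IN ({$current_ids})";
    wp_send_json( $wpdb->get_results( $sql ) );
}

// Hardened pattern: authorise the caller, reduce the input to integers, and
// let $wpdb->prepare() bind one %d placeholder per ID so the SQL text never
// contains user-controlled bytes.
function example_hardened_get_products() {
    global $wpdb;

    // "Logged in" is not an authorisation boundary; require a real
    // capability (assumed name) and a nonce for this AJAX action.
    if ( ! current_user_can( 'example_manage_inventory' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'example_get_products', 'nonce' );

    // wp_parse_id_list() splits "1, 2,3" on commas/whitespace, casts every
    // piece with absint() and de-duplicates; non-numeric junk becomes 0,
    // which array_filter() drops.
    $raw = isset( $_POST['currentIds'] ) ? wp_unslash( $_POST['currentIds'] ) : '';
    $ids = array_values( array_filter( wp_parse_id_list( $raw ) ) );
    if ( empty( $ids ) ) {
        wp_send_json_success( array() );
    }

    // One %d per ID, e.g. "%d,%d,%d". prepare() accepts the values as a single array.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = $wpdb->prepare(
        "SELECT id, name FROM {$wpdb->prefix}example_products WHERE id IN ({$placeholders})",
        $ids
    );
    wp_send_json_success( $wpdb->get_results( $sql ) );
}

add_action( 'wp_ajax_example_get_products', 'example_hardened_get_products' );
```

The integer cast plus %d binding is what removes the injection; the capability and nonce checks are a separate layer that stops a Subscriber account from reaching an inventory endpoint at all. Escaping alone is the wrong tool for a numeric IN (...) list: esc_sql() only neutralises quote characters, and a payload built for an unquoted context never contains one.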
Users affected by this vulnerability should update the plugin to the latest available version, in this case 1.5.5. Because the only prerequisite is a Subscriber account, sites that allow open registration (Settings > General > "Anyone can register") or that hand out low-privilege accounts freely should also review those accounts and restrict what Subscriber and other limited roles can reach until the update is applied. Note that this only reduces exposure and does not remove the injection, since the vulnerable code is reachable by any authenticated user; the update is the actual fix. Following security best practices protects user data and lowers the chance of a breach later.

The importance of keeping plugins up to date and following good security practices cannot be overstated. The SQL injection in Barcode Scanner with Inventory & Order Manager is a clear reminder of the risks of insecure WordPress plugin development, in particular of building SQL from request parameters instead of binding them with $wpdb->prepare().