CVE-2026-22850 (CNNVD-202601-3041)

HIGH
中文标题:
WordPress plugin Koko Analytics SQL注入漏洞
英文标题:
Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import
CVSS分数: 8.4
发布时间: 2026-01-19 16:51:00
漏洞类型: SQL注入
状态: PUBLISHED
数据质量分数: 0.40
数据版本: v3
漏洞描述
中文描述:

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Koko Analytics 2.1.3之前版本存在SQL注入漏洞,该漏洞源于未转义分析和导入数据,可能导致任意SQL执行。

英文描述:

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path (`pa`) and referrer (`r`) values to the public tracking endpoint in src/Resources/functions/collect.php, which stores those strings verbatim in the analytics tables. The admin export logic in src/Admin/Data_Export.php writes these stored values directly into SQL INSERT statements without escaping. A crafted path such as "),('999','x');DROP TABLE wp_users;-- breaks out of the value list. When an administrator later imports that export file, the import handler in src/Admin/Data_Import.php reads the uploaded SQL with file_get_contents, performs only a superficial header check, splits on semicolons, and executes each statement via $wpdb->query with no validation of table names or statement types. Additionally, any authenticated user with manage_koko_analytics can upload an arbitrary .sql file and have it executed in the same permissive way. Combined, attacker-controlled input flows from the tracking endpoint into exported SQL and through the import execution sink, or directly via malicious uploads, enabling arbitrary SQL execution. In a worst-case scenario, attackers can achieve arbitrary SQL execution on the WordPress database, allowing deletion of core tables (e.g., wp_users), insertion of backdoor administrator accounts, or other destructive/privilege-escalating actions. Version 2.1.3 patches the issue.

CWE类型:
CWE-89
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
ibericode koko-analytics < 2.1.3 - - cpe:2.3:a:ibericode:koko-analytics:<_2.1.3:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
https://github.com/ibericode/koko-analytics/security/advisories/GHSA-jgfh-264m-xh3q x_refsource_CONFIRM
cve.org
访问
https://github.com/ibericode/koko-analytics/commit/7b7d58f4a1838c8203cf4e7bb59847c982432119 x_refsource_MISC
cve.org
访问
https://drive.google.com/file/d/1HdQKf42prwrBUUG2CwbIkccTp2i6HR6d/view?usp=sharing x_refsource_MISC
cve.org
访问
CVSS评分详情
3.1 (cna)
HIGH
8.4
CVSS向量: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
机密性
HIGH
完整性
HIGH
可用性
HIGH
时间信息
发布时间:
2026-01-19 16:51:00
修改时间:
2026-01-19 16:51:00
创建时间:
2026-01-20 03:10:35
更新时间:
2026-01-27 06:00:17
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2026-22850 2026-01-20 02:19:58 2026-01-19 19:10:35
NVD nvd_CVE-2026-22850 2026-01-20 03:00:05 2026-01-19 19:10:38
CNNVD cnnvd_CNNVD-202601-3041 2026-01-26 02:10:02 2026-01-25 18:11:53
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2026-01-26 02:11:53
vulnerability_type: 未提取 → SQL注入; cnnvd_id: 未提取 → CNNVD-202601-3041; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> SQL注入
  • cnnvd_id: 未提取 -> CNNVD-202601-3041
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2026-01-20 03:10:38
data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • data_sources: ['cve'] -> ['cve', 'nvd']