VYPR
High severity · 8.2 · NVD Advisory · Published Jun 9, 2026 · Updated Jun 9, 2026

CVE-2017-20246

Description

WordPress KittyCatfish plugin 2.2 has an SQL injection vulnerability in the 'kc_ad' parameter, allowing unauthenticated attackers to read database contents.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability. It exists in the kc_ad GET parameter, which is not properly escaped. Attackers can exploit it by injecting SQL code through this parameter in requests to the plugin's base.css.php or kittycatfish.php files.

Exploitation

An unauthenticated attacker can exploit this vulnerability by sending a crafted GET request to the vulnerable WordPress site. The attacker needs to target the kc_ad parameter in either base.css.php or kittycatfish.php. By injecting SQL code, the attacker can perform boolean-based blind or time-based blind SQL injection attacks to extract data from the database [2], [3].

Impact

Successful exploitation allows an unauthenticated attacker to read arbitrary data from the WordPress database. In cases of misconfigured web servers, there is a potential for read and write access to the filesystem [2], [3].

Mitigation

The KittyCatfish plugin version 2.2 is affected. According to reference [4], this plugin has been closed and is not available for download as of June 8, 2012. Therefore, there is no official patch available, and users should remove the plugin if it is still installed. The vulnerability was disclosed on March 20, 2017, and was not fixed at that time [2].

AI Insight generated on Jun 9, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"An unescaped GET parameter allows for SQL injection."

Attack vector

An unauthenticated attacker can exploit this vulnerability by injecting SQL code through the 'kc_ad' GET parameter in either base.css.php or kittycatfish.php [ref_id=1]. This allows for the extraction of sensitive database information using boolean-based blind or time-based blind techniques [ref_id=1]. The exploit can be automated using tools like sqlmap [ref_id=1].

Affected code

The vulnerability exists in KittyCatfish version 2.2 for WordPress. The 'kc_ad' GET parameter in the files base.css.php and kittycatfish.php is vulnerable to SQL injection [ref_id=1].
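
A log check for the request pattern described above, as an added example (not code from the advisory or the plugin): it flags requests to the two named files whose kc_ad value is not a plain integer. The numeric-ID assumption, the combined log format and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Plugin files named in the advisory. Assumption: a legitimate kc_ad is a
# plain integer ad ID, as in the page's sample URLs (kc_ad=31, kc_ad=37).
PLUGIN_PATH = re.compile(
    r"/wp-content/plugins/kittycatfish/(?:base\.css|kittycatfish)\.php(?:/|$)",
    re.IGNORECASE,
)
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r"\d{1,10}")

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jun/2026:10:00:01 +0000] "GET /wp-content/plugins/'
    'kittycatfish/base.css.php?kc_ad=31&ver=2.0 HTTP/1.1" 200 512',
    '198.51.100.9 - - [09/Jun/2026:10:00:05 +0000] "GET /wp-content/plugins/'
    'kittycatfish/kittycatfish.php?kc_ad=37%20AND%201%3D1&ver=2.0 HTTP/1.1" 200 498',
    '198.51.100.9 - - [09/Jun/2026:10:00:09 +0000] "GET /index.php?kc_ad=x HTTP/1.1" 200 100',
]


def suspicious_kc_ad(log_line):
    """Return the decoded kc_ad value when a request to the plugin carries a
    non-numeric kc_ad; return None otherwise."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    # Decode the path so percent-encoded file names are still recognised.
    if not PLUGIN_PATH.search(unquote(url.path)):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    for value in params.get("kc_ad", []):  # repeated parameters are all checked
        if not NUMERIC_ID.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, kc_ad_value) for each flagged line."""
    hits = []
    for line in lines:
        value = suspicious_kc_ad(line)
        if value is not None:
            hits.append((line.split()[0], value))
    return hits
```

Calling `scan(SAMPLE_LOG)` flags only the second line; any request to these paths is also evidence that the closed plugin is still installed.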

What the fix does

The advisory does not specify a patch or provide details on how the vulnerability was fixed. It states that the vulnerability was not fixed at the time of the exploit submission [ref_id=1]. Therefore, remediation guidance is to update to a version where this issue is addressed, though no specific version is mentioned.

Preconditions

  • auth: The attacker does not require any authentication.
  • input: The 'kc_ad' GET parameter is vulnerable.

Reproduction

sqlmap -u "http://192.168.20.39/wp-content/plugins/kittycatfish/base.css.php?kc_ad=31&ver=2.0" --dbms --threads=10 --random-agent

OR

sqlmap -u "http://192.168.20.39/wp-content/plugins/kittycatfish/kittycatfish.php?kc_ad=37&ver=2.0" --dbms --threads=10 --random-agent --dbms=mysql --level 5 --risk=3

[ref_id=1]

Generated on Jun 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4
