Title: CGI Generic SQL Injection (blind, time based)
Last modified: August 30, 2024

---

# CGI Generic SQL Injection (blind, time based)

 *  Resolved [Ruben](https://wordpress.org/support/users/rubenecho/)
 * (@rubenecho)
 * [1 year, 9 months ago](https://wordpress.org/support/topic/cgi-generic-sql-injection-blind-time-based/)
 * Hi,
 * We have received a PCI scan of our website and there are 2 items – CGI Generic
   SQL Injection (blind, time-based) and CGI Generic Local File Inclusion that made
   our report fail with a bit of negative impact on us.
 * After looking into the report we found that this plugin is the cause of the
   vulnerabilities.
   This is one of the flagged examples:
 * `Using the POST HTTP method, SecurityMetrics found that : + The following resources
   may be vulnerable to local file inclusion : + The 'dgwt_wcas' parameter of the
   / CGI : / [dgwt_wcas=/%00.html] -------- output -------- 'home-banner') ); ?>`
 * If this is something that you guys can address and this could affect more people

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [Kris](https://wordpress.org/support/users/c0nst/)
 * (@c0nst)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/cgi-generic-sql-injection-blind-time-based/#post-17989110)
 * Hi [@rubenecho](https://wordpress.org/support/users/rubenecho/),
 * Thanks for letting us know about this.
 * After initial analysis, this is a **false positive** because the `dgwt_wcas` 
   parameter is not processed anywhere in the code. FiboSearch only checks if the
   parameter exists to determine the page related to search results.
 * To potentially fix the issue, could you share more details about what the report
   found and how it came to those conclusions? This will help us get a better handle
   on the vulnerabilities and take the right steps to resolve them.
 * If any of the details are confidential or sensitive, please don’t publish them.
 * Regards,
   Kris
 *  Thread Starter [Ruben](https://wordpress.org/support/users/rubenecho/)
 * (@rubenecho)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/cgi-generic-sql-injection-blind-time-based/#post-17993631)
 * Hi Kris
 * The information that comes in the report is sensitive so I can share it here.
   We made some changes at server level and we are compliant again so everything is
   sorted.
 * Thank you for the help that I know you were going to give if needed
 * Ruben

The topic ‘CGI Generic SQL Injection (blind, time based)’ is closed to new replies.

 * 3 replies
 * 2 participants
 * Last reply from: [Ruben](https://wordpress.org/support/users/rubenecho/)
 * Last activity: [1 year, 8 months ago](https://wordpress.org/support/topic/cgi-generic-sql-injection-blind-time-based/#post-17993631)
 * Status: resolved