Title: SQL injection
Last modified: August 30, 2016

---

# SQL injection

 *  [larry0](https://wordpress.org/support/users/larry0/)
 * (@larry0)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/sql-injection-13/)
 * Hi,
 * I think I found SQL injection in custom-maintenance-mode via POST request to 
   cmmemail argument in ajax_subscriber.php:
   ```php
   $wpuser_result = $wpdb->get_results("SELECT * FROM ".$table_name." WHERE cmm_email='".$_GET['cmmemail']."'");

   foreach ( $wpuser_result as $userdetails ) {
       $cmm_email = $userdetails->cmm_email;
   }
   if($cmm_email!="")
   {
       echo $msg = "Aleardy";
   }
   else
   {
       $wpdb->insert( $table_name, array( 'cmm_email' => $_GET['cmmemail'], 'cmm_date' => date('Y:m:d H:i:s')) );
       echo $msg = "Success";
   }
   ```
 * [https://wordpress.org/plugins/custom-maintenance-mode/](https://wordpress.org/plugins/custom-maintenance-mode/)
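
A hardened form of the lookup and insert quoted in the post, added here as an example; it is not the plugin's code or a fix published by its author. It assumes it runs inside WordPress, that `$table_name` is built by the plugin from trusted values only, and the function name, the `Invalid`/`Error` replies and the table-name placeholder are hypothetical.

```php
<?php
// Added example (not the plugin's code). Assumes WordPress is loaded, so the
// wpdb class, is_email(), sanitize_email() and wp_unslash() are available.

/**
 * Hypothetical replacement for the quoted block: returns the reply string
 * instead of echoing it, and never concatenates request data into SQL.
 */
function cmm_subscribe_example( wpdb $wpdb, string $table_name, $raw_email ): string {
    // A request such as ?cmmemail[]=x arrives as an array; accept strings only.
    if ( ! is_string( $raw_email ) ) {
        return 'Invalid';
    }

    // WordPress adds slashes to request data; remove them before validating.
    $email = sanitize_email( wp_unslash( $raw_email ) );
    if ( '' === $email || ! is_email( $email ) ) {
        return 'Invalid';
    }

    // The value is bound through a %s placeholder, so prepare() escapes and
    // quotes it. $table_name is interpolated and must come from trusted code
    // (assumption: the plugin derives it from $wpdb->prefix).
    $exists = (int) $wpdb->get_var(
        $wpdb->prepare(
            "SELECT COUNT(*) FROM `{$table_name}` WHERE cmm_email = %s",
            $email
        )
    );
    if ( $exists > 0 ) {
        return 'Aleardy'; // Reply string kept exactly as in the quoted code.
    }

    // insert() escapes values itself; the format array pins both to strings.
    $inserted = $wpdb->insert(
        $table_name,
        array( 'cmm_email' => $email, 'cmm_date' => date( 'Y:m:d H:i:s' ) ),
        array( '%s', '%s' )
    );

    return false === $inserted ? 'Error' : 'Success';
}

// Hypothetical call site; the table name below is a placeholder, not the plugin's:
// global $wpdb;
// echo esc_html( cmm_subscribe_example( $wpdb, $wpdb->prefix . 'PLACEHOLDER_TABLE', $_GET['cmmemail'] ?? '' ) );
```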

The topic ‘SQL injection’ is closed to new replies.


 * 0 replies
 * 1 participant
 * Last reply from: [larry0](https://wordpress.org/support/users/larry0/)
 * Last activity: [10 years, 8 months ago](https://wordpress.org/support/topic/sql-injection-13/)
 * Status: not resolved