How to practically apply CVE-2017-16510?

This topic contains 0 replies, has 1 voice, and was last updated by BrianMiz 5 months ago.

September 19, 2019 at 12:23 am #136458
BrianMiz (Member)

I am running some sites and set one up deliberately with a vulnerable WordPress version to test some vulnerabilities.

Since it is below version 4.8.3, it is vulnerable to an SQLi via [CVE-2017-16510](https://www.cvedetails.com/cve/CVE-2017-16510/). I understand how it exploits a “double prepare” method in PHP which doesn’t properly sanitize inputs. [Security Focus](https://www.securityfocus.com/bid/101638/discuss) says the exploit can be performed in a browser.

What would the actual process for this exploit be? I tried adding `'` to some URLs in an attempt to get an SQL error, but no luck. I am looking to test it from an attacker's point of view, to see how the vuln works.