CVE-2022-0827

🗓️ 13 Jun 2022 12:41:35Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 82 Views🌐 WEB

The Bestbooks WordPress plugin through 2.6.3 is vulnerable to SQL Injection via an AJAX action

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2022-0827	26 Jan 202500:00	–	circl
CNNVD	WordPress plugin Bestbooks SQL注入漏洞	13 Jun 202200:00	–	cnnvd
CNVD	WordPress Bestbooks plugin SQL注入漏洞	15 Jun 202200:00	–	cnvd
Cvelist	CVE-2022-0827 Bestbooks <= 2.6.3 - Unauthenticated SQLi	13 Jun 202212:41	–	cvelist
Nuclei	WordPress Best Books <=2.6.3 - SQL Injection	5 Jun 202603:02	–	nuclei
NVD	CVE-2022-0827	13 Jun 202213:15	–	nvd
Patchstack	WordPress Bestbooks plugin <= 2.6.3 - Unauthenticated SQL Injection (SQLi) vulnerability	17 May 202200:00	–	patchstack
Prion	Sql injection	13 Jun 202213:15	–	prion
RedhatCVE	CVE-2022-0827	22 May 202522:04	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2022-0827	30 Nov 202300:00	–	vulncheck_kev

NVD

Vulners

Node

presspage bestbooksRange≤2.6.3wordpress

[
  {
    "product": "Bestbooks",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "2.6.3",
        "status": "affected",
        "version": "2.6.3",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/0d208ebc-7805-457b-aa5f-ffd5adb2f3be

Parameter	Position	Path	Description	CWE
debit	request body	wp-admin/admin-ajax.php	SQL injection via unsanitised AJAX parameters (debit, credit) in Bestbooks plugin leading to unauthenticated SQLi.	CWE-89
credit	request body	wp-admin/admin-ajax.php	SQL injection via unsanitised AJAX parameters (debit, credit) in Bestbooks plugin leading to unauthenticated SQLi.	CWE-89

21 Nov 2024 06:39Current

9.8High risk

Vulners AI Score9.8

CVSS 27.5

CVSS 3.19.8

EPSS0.68016