Enhancement: cves/2022/CVE-2022-0827.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-13 11:09:17 -04:00
parent 5776036ad8
commit 420c942806
1 changed files with 4 additions and 2 deletions


@ -1,11 +1,11 @@
id: CVE-2022-0827
info:
name: Bestbooks <= 2.6.3 - Unauthenticated SQLi
name: WordPress Best Books <=2.6.3 - SQL Injection
author: theamanrawat
severity: critical
description: |
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users.
WordPress Best Books plugin through 2.6.3 is susceptible to SQL injection. The plugin does not sanitize and escape some parameters before using them in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference:
- https://wpscan.com/vulnerability/0d208ebc-7805-457b-aa5f-ffd5adb2f3be
- https://wordpress.org/plugins/bestbooks/
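Review bot: the rewritten `name` and `description` drop the attack-vector detail that the old text carried. The old name "Bestbooks <= 2.6.3 - Unauthenticated SQLi" and the old description's "exploitable by unauthenticated users" both told a reader that no credentials are required, which is exactly what justifies `severity: critical`; the new "WordPress Best Books <=2.6.3 - SQL Injection" and the new description say nothing about authentication. Suggest keeping that qualifier, for example "WordPress Best Books <=2.6.3 - Unauthenticated SQL Injection" in `name`, or restoring "exploitable by unauthenticated users" after "via an AJAX action" in the description, so triage does not have to follow the wpscan reference to recover it. Also add a space after `<=` in the new name for consistency with the old one.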
@ -36,3 +36,5 @@ requests:
- 'status_code == 200'
- 'contains(body, "Account added successfully")'
condition: and
# Enhanced by md on 2023/04/13
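Review bot: the only change in this hunk is the trailing `# Enhanced by md on 2023/04/13` comment, so the matcher logic (`status_code == 200` and `contains(body, "Account added successfully")`) is unchanged. Since that body string indicates the probe creates an account record on the target rather than only reading data, the enhanced `description` in the first hunk would be more useful to operators if it stated that the template has a state-changing side effect; at minimum the comment should not sit inside the `matchers` block, where a later edit to `condition` can separate it from the file it annotates, but at the very end of the file as other enhanced templates do.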