目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2022-21661 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
SQL injection in WordPress
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
WordPress plugin SQL注入漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin 存在SQL注入漏洞,该漏洞源于WP_查询中的不正确清理。攻击者可利用该漏洞执行SQL注入攻击。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
WordPresswordpress-develop < 5.8.3 -
二、漏洞 CVE-2022-21661 的公开POC
#POC 描述源链接神龙链接
1WordPress Core 5.8.2 - 'WP_Query' SQL Injectionhttps://github.com/TAPESH-TEAM/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-InjectionPOC详情
2Nonehttps://github.com/purple-WL/wordpress-CVE-2022-21661POC详情
3Wordpress 5.8.2 CVE-2022-21661 Vuln enviroment POC exploithttps://github.com/0x4E0x650x6F/Wordpress-cve-CVE-2022-21661POC详情
4WordPress WP_Query SQL Injection POChttps://github.com/z92g/CVE-2022-21661POC详情
5CVE-2022-21661 exp for Elementor custom skin.https://github.com/QWERTYisme/CVE-2022-21661POC详情
6The first poc video presenting the sql injection test from ( WordPress Core 5.8.2-'WP_Query' / CVE-2022-21661) https://github.com/APTIRAN/CVE-2022-21661POC详情
7Study and exploit the vulnerability CVE-2022-21661 that allows SQL Injections through plugins POST requests to WordPress versions below 5.8.3.https://github.com/WellingtonEspindula/SSI-CVE-2022-21661POC详情
8Demonstration of the SQL injection vulnerability in wordpress 5.8.2https://github.com/daniel616/CVE-2022-21661-DemoPOC详情
9A Python PoC of CVE-2022-21661, inspired from z92g's Go PoChttps://github.com/sealldeveloper/CVE-2022-21661-PoCPOC详情
10CVE-2022-21661 exp for Elementor custom skin.https://github.com/guestzz/CVE-2022-21661POC详情
11Script to validate WordPress CVE-2022-21661https://github.com/p4ncontomat3/CVE-2022-21661POC详情
12Nonehttps://github.com/CharonDefalt/WordPress--CVE-2022-21661POC详情
13The first poc video presenting the sql injection test from ( WordPress Core 5.8.2-'WP_Query' / CVE-2022-21661) https://github.com/safe3s/CVE-2022-21661POC详情
14CVE-2022-21661 docker and pochttps://github.com/w0r1i0g1ht/CVE-2022-21661POC详情
15Nonehttps://github.com/kittypurrnaz/cve-2022-21661POC详情
16WordPress before 5.8.3 is susceptible to SQL injection through multiple plugins or themes due to improper sanitization in WP_Query, An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-21661.yamlPOC详情
17Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/WordPress%20WP_Query%20SQL%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2022-21661.mdPOC详情
18A Python PoC for CVE-2022-21661, adapted from z92g's Go PoC, designed to demonstrate the vulnerability in a more accessible scripting environment.https://github.com/Fauzan-Aldi/CVE-2022-21661POC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2022-21661 的情报信息
Please 登录 to view more intelligence information
IV. Related Vulnerabilities
Same product: wordpress-develop
Same vendor: WordPress
Same weakness: CWE-89
V. Comments for CVE-2022-21661

暂无评论

发表评论