CVE-2022-0784 PoC — WordPress plugin Title Experiments Free SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-0784.yaml

Associated Vulnerability

Title:WordPress plugin Title Experiments Free SQL注入漏洞 (CVE-2022-0784)
Description:WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin Title Experiments Free 9.0.1 之前版本存在SQL注入漏洞，该漏洞源于在通过 wpex_titles AJAX 操作（适用于未经身份验证的用户）在 SQL 语句中使用 id 参数之前不会对其进行清理和转义，从而导致未经身份验证的 SQL

Description

WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

File Snapshot


 id: CVE-2022-0784

info:
  name: WordPress Title Experiments Free <9.0.1 - SQL Injection
  author: t

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!