.. / CVE-2022-0773

Exploit for Documentor <= 1.5.3 - Unauthenticated SQL Injection (CVE-2022-0773)

Description:

The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.

Nuclei Template

View the template here CVE-2022-0773.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-0773.yaml

References:

https://wordpress.org/plugins/documentor-lite/
https://nvd.nist.gov/vuln/detail/CVE-2022-0773
https://wpscan.com/vulnerability/55b89de0-30ed-4f98-935e-51f069faf6fc

.. / CVE-2022-0773 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Documentor <= 1.5.3 - Unauthenticated SQL Injection (CVE-2022-0773)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-0773