Exploit for Ubigeo de Peru < 3.6.4 - SQL Injection (CVE-2022-0814)

Description:

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections.

Nuclei Template

View the template here: CVE-2022-0814.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-0814.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-0814
https://wordpress.org/plugins/ubigeo-peru/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0814
https://wpscan.com/vulnerability/fd84dc08-0079-4fcf-81c3-a61d652e3269
https://github.com/cyllective/CVEs