.. / CVE-2022-0867

Exploit for WordPress ARPrice <3.6.1 - SQL Injection (CVE-2022-0867)

Description:

WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

Nuclei Template

View the template here CVE-2022-0867.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-0867.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://wordpress.org/plugins/arprice-responsive-pricing-table/
https://nvd.nist.gov/vuln/detail/CVE-2022-0867
https://wpscan.com/vulnerability/62803aae-9896-410b-9398-3497a838e494
https://github.com/20142995/sectool

.. / CVE-2022-0867 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress ARPrice <3.6.1 - SQL Injection (CVE-2022-0867)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-0867