Exploit for WordPress WPSmartContracts <1.3.12 - SQL Injection (CVE-2022-3768)

Description:

WordPress WPSmartContracts plugin before 1.3.12 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker with a role as low as author can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.

Nuclei Template

View the template here: CVE-2022-3768.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-3768.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-3768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768
https://github.com/ARPSyndicate/cvemon
https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3
https://bulletin.iese.de/post/wp-smart-contracts_1-3-11/
https://cve.report/CVE-2022-3768