admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-06 18:52:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/CVE-2022-3254.md

13 lines
1.4 KiB
Markdown
Raw Normal View History

Create CVE-2022-3254.md
2023-04-13 15:44:59 +08:00
## WordPress plugin AWP Classifieds SQL injection vulnerability (CVE-2022-3254)
| **Vulnerability** | **WordPress plugin AWP Classifieds SQL injection vulnerability (CVE-2022-3254)** |
| :----: | :-----|
| **Chinese name** | WordPress AWP Classifieds 插件 admin-ajax.php 文件 type 参数SQL注入漏洞CVE-2022-3254 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/another-wordpress-classifieds"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL2Fub3RoZXItd29yZHByZXNzLWNsYXNzaWZpZWRzIg%3D%3D) |
| **Number of assets affected** | 3526 |
| **Description** | WordPress plugin AWP Classifieds is a leading plug-in that quickly and easily adds classified ads sections to your WordPress website in minutes. WordPress plugin AWP Classifieds has an SQL injection vulnerability prior to 4.3, which is caused by the plugin's inability to escape the type parameter correctly. Attackers can exploit the vulnerability to obtain sensitive information such as user names and passwords. |
| **Impact** | WordPress plugin AWP Classifieds has an SQL injection vulnerability prior to 4.3, which is caused by the plugin's inability to escape the type parameter correctly. Attackers can exploit the vulnerability to obtain sensitive information such as user names and passwords. |
![](https://s3.bmp.ovh/imgs/2023/04/13/812af92728d9dd9a.gif)
Reference in New Issue Copy Permalink