admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2022-3254.md

Browse Source
This commit is contained in:
之乎者也 2023-04-13 15:44:59 +08:00 committed by GitHub
parent 5c4503efd2
commit 9b390908af
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2022-3254.md Normal file
View File

@ -0,0 +1,12 @@
## WordPress plugin AWP Classifieds SQL injection vulnerability (CVE-2022-3254)
| **Vulnerability** | **WordPress plugin AWP Classifieds SQL injection vulnerability (CVE-2022-3254)** |
| :----: | :-----|
| **Chinese name** | WordPress AWP Classifieds 插件 admin-ajax.php 文件 type 参数SQL注入漏洞CVE-2022-3254 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/another-wordpress-classifieds"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL2Fub3RoZXItd29yZHByZXNzLWNsYXNzaWZpZWRzIg%3D%3D) |
| **Number of assets affected** | 3526 |
| **Description** | WordPress plugin AWP Classifieds is a leading plug-in that quickly and easily adds classified ads sections to your WordPress website in minutes. WordPress plugin AWP Classifieds has an SQL injection vulnerability prior to 4.3, which is caused by the plugin's inability to escape the type parameter correctly. Attackers can exploit the vulnerability to obtain sensitive information such as user names and passwords. |
| **Impact** | WordPress plugin AWP Classifieds has an SQL injection vulnerability prior to 4.3, which is caused by the plugin's inability to escape the type parameter correctly. Attackers can exploit the vulnerability to obtain sensitive information such as user names and passwords. |
![](https://s3.bmp.ovh/imgs/2023/04/13/812af92728d9dd9a.gif)