cve/2022/CVE-2022-0349.md

CVE-2022-0349

Description

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection

POC

Reference

• https://wpscan.com/vulnerability/1d0dd7be-29f3-4043-a9c6-67d02746463a

Github

• https://github.com/20142995/sectool
• https://github.com/ARPSyndicate/cvemon
• https://github.com/ARPSyndicate/kenzer-templates
• https://github.com/edoardottt/nuclei-cve-gpt