WordPress Core Unauthenticated SQL Injection CVE-2022-35914 (Critical)

How this CVE works:

CVE-2022-35914 is an unauthenticated SQL Injection vulnerability within the WordPress `WP_Query` class. The flaw resides in how the `sanitize_()` function, used for preparing SQL queries, handles user-supplied data. Specifically, the vulnerability is triggered when a multisite installation uses plugins or themes that pass user-controllable input to query parameters. An attacker can send crafted requests containing malicious SQL code to a vulnerable endpoint. Because the input is not properly escaped before being incorporated into the SQL statement, the attacker’s payload is executed directly against the database. This allows for data theft, modification, or even complete control of the affected WordPress site, all without requiring any form of authentication.
Platform: WordPress Core
Version: < 6.0.3
Vulnerability: SQL Injection
Severity: Critical
Date: 2022-08-30
Prediction: 2022-09-13

What Undercode Says:

curl -s "http://vulnerable-site.com/?rest_route=/wp/v2/posts&slug[]=1') OR 1=1-- -"
SELECT * FROM wp_posts WHERE post_status='inherit' AND post_type='attachment' AND post_name IN ('1') OR 1=1-- -')

How it is exploited:

An attacker crafts HTTP requests to REST API endpoints, or to other code paths that hand request data to `WP_Query`, using parameters such as `name` or `slug`. Because the value is not escaped before it is spliced into the query, the payload closes the string literal and the remainder runs as SQL, enabling data extraction.

Protection from this CVE:

Immediately update WordPress to version 6.0.3 or later. The patch adds proper escaping to the `sanitize_()` function within the `WP_Query` class, ensuring user input is neutralized before database interaction.
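The escaping point matters for plugin and theme authors as much as for core. The following is an added illustration, not WordPress core or any real plugin's code: it shows the string-concatenation pattern that produces a query of the shape quoted above, next to the `$wpdb->prepare()` form that neutralises the same input. The `wpdb` object, `sanitize_title_for_query()` and `$wpdb->posts` are standard WordPress APIs; the slug array is a constructed sample.

```php
<?php
// Added illustration (not WordPress core code): building a post_name IN (...)
// clause from a user-supplied array of slugs, as a plugin or theme might do
// when it feeds request data into a WP_Query-style lookup.

// Constructed sample input: what $_GET['slug'] holds for the request shown
// above (slug[]=1') OR 1=1-- -).
$slugs = array( "1') OR 1=1-- -" );

/**
 * Unsafe pattern: quoting by string concatenation. A single quote inside any
 * slug closes the literal, so the rest of the value is parsed as SQL. With
 * the sample above this yields: post_name IN ('1') OR 1=1-- -')
 */
function build_unsafe_where( array $slugs ): string {
    $list = "'" . implode( "','", $slugs ) . "'";
    return "post_status='inherit' AND post_type='attachment' AND post_name IN ($list)";
}

/**
 * Hardened pattern: one %s placeholder per element, and $wpdb->prepare()
 * performs the quoting and escaping. Normalising the slugs first limits the
 * list to valid slug characters, but the placeholders are the real defence;
 * sanitisation alone is not a substitute for them.
 */
function fetch_attachments_by_slug( wpdb $wpdb, array $slugs ): array {
    $slugs = array_map( 'sanitize_title_for_query', $slugs );
    if ( empty( $slugs ) ) {
        return array();
    }
    // array_fill() yields exactly count($slugs) placeholders: "%s,%s,%s".
    $placeholders = implode( ',', array_fill( 0, count( $slugs ), '%s' ) );
    $sql = $wpdb->prepare(
        "SELECT ID, post_name FROM {$wpdb->posts}
         WHERE post_status = 'inherit' AND post_type = 'attachment'
           AND post_name IN ($placeholders)",
        $slugs // a single array argument is bound to the placeholders in order
    );
    return $wpdb->get_results( $sql );
}
```

When reviewing a plugin, grep for `implode(` feeding a `WHERE ... IN (` string with no `prepare()` call in between; that is the shape to fix.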

Impact:

Complete database compromise, leading to unauthorized access to sensitive data (users, posts, passwords), content modification, and full site takeover.

Sources:

Reported By: nvd.nist.gov