SQL Injection in Documentor – Create Product Documentation

CVE-2022-0773

The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before interpolating it into an SQL statement that is then executed, leading to an SQL Injection exploitable by unauthenticated users.

Vulnerability class: SQL Injection

EPSS: 0.755 (98.9th percentile)

Affected products

  • Unknown Documentor – Create Product Documentation — versions 1.5.3

Frequently asked questions

What is CVE-2022-0773?
CVE-2022-0773 is a vulnerability in Documentor – Create Product Documentation, classified under SQL Injection. Published 2022-05-02.

Is CVE-2022-0773 known to be exploited?
5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.