What is CVE-2022-0781?

CVE-2022-0781 is a vulnerability in Nirweb Support, classified under SQL Injection. Published 2022-05-23.

Is CVE-2022-0781 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Nirweb Support

CVE-2022-0781

The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection

Vulnerability class: SQL Injection

EPSS: 0.829 (99.3th percentile) — read the EPSS interpretation.

Affected products

Unknown Nirweb Support — versions 2.8.2

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
cyllective/CVEs

References

wpscan.com/vulnerability/1a8f9c7b-a422-4f45-a516-c3c14eb05161 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0781?: CVE-2022-0781 is a vulnerability in Nirweb Support, classified under SQL Injection. Published 2022-05-23.
Is CVE-2022-0781 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.