What is CVE-2022-0785?

CVE-2022-0785 is a vulnerability in Daily Prayer Time, classified under SQL Injection. Published 2022-04-18.

Is CVE-2022-0785 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Daily Prayer Time

CVE-2022-0785

The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unau…

Vulnerability class: SQL Injection

EPSS: 0.703 (98.7th percentile) — read the EPSS interpretation.

Affected products

Unknown Daily Prayer Time — versions 2022.03.01

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates
20142995/sectool
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
cyllective/CVEs

References

wpscan.com/vulnerability/e1e09f56-89a4-4d6f-907b-3fb2cb825255 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0785?: CVE-2022-0785 is a vulnerability in Daily Prayer Time, classified under SQL Injection. Published 2022-04-18.
Is CVE-2022-0785 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.