What is CVE-2022-0817?

CVE-2022-0817 is a vulnerability in Badgeos, classified under SQL Injection. Published 2022-05-09.

Is CVE-2022-0817 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Badgeos

CVE-2022-0817

The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

Vulnerability class: SQL Injection

EPSS: 0.647 (98.5th percentile) — read the EPSS interpretation.

Affected products

Unknown Badgeos — versions 3.7.0

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/sectool
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
cyllective/CVEs

References

wpscan.com/vulnerability/69263610-f454-4f27-80af-be523d25659e (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0817?: CVE-2022-0817 is a vulnerability in Badgeos, classified under SQL Injection. Published 2022-05-09.
Is CVE-2022-0817 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.