What is CVE-2022-0827?

CVE-2022-0827 is a vulnerability in Bestbooks, classified under SQL Injection. Published 2022-06-13.

Is CVE-2022-0827 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Bestbooks

CVE-2022-0827

The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

Vulnerability class: SQL Injection

EPSS: 0.680 (98.6th percentile) — read the EPSS interpretation.

Affected products

Unknown Bestbooks — versions 2.6.3

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
cyllective/CVEs

References

wpscan.com/vulnerability/0d208ebc-7805-457b-aa5f-ffd5adb2f3be (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0827?: CVE-2022-0827 is a vulnerability in Bestbooks, classified under SQL Injection. Published 2022-06-13.
Is CVE-2022-0827 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.