What is CVE-2022-4050?

CVE-2022-4050 is a vulnerability in Joomsport, classified under CWE-89 SQL INJECTION. Published 2022-12-19.

Is CVE-2022-4050 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Joomsport

CVE-2022-4050

The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

EPSS: 0.772 (99.0th percentile) — read the EPSS interpretation.

Affected products

Unknown Joomsport — versions 0

Public proof-of-concept exploits

ARPSyndicate/kenzer-templates
cyllective/CVEs

References

wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2022-4050?: CVE-2022-4050 is a vulnerability in Joomsport, classified under CWE-89 SQL INJECTION. Published 2022-12-19.
Is CVE-2022-4050 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.