Vulnerability in Iws

CVE-2022-4117

The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.

EPSS: 0.608 (98.3rd percentile)

Affected products

  • Unknown Iws — versions 0

Frequently asked questions

What is CVE-2022-4117?
CVE-2022-4117 is a vulnerability in Iws, classified under CWE-89 (SQL Injection). It was published on 2022-12-26.

Is CVE-2022-4117 known to be exploited?
3 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.