CVE-2022-0739 PoC — BookingPress < 1.0.11 - Unauthenticated SQL Injection

Source

https://github.com/hadrian3689/wp_bookingpress_1.0.11

Associated Vulnerability

Title:BookingPress < 1.0.11 - Unauthenticated SQL Injection (CVE-2022-0739)
Description:The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection

Description

CVE-2022-0739 Wordpress BookingPress SQLi

Readme

# CVE-2022-0739

CVE-2022-0739 Wordpress BookingPress Plugin < 1.0.11 Unauthenticated SQL Injection

## Getting Started

### Executing program

* With python3
```
python3 sqli.py -u 'http://wordpress.site' -p 'wpnonce_value'
```

## Help

For help menu:
```
python3 sqli.py -h
```

## Disclaimer
All the code provided on this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository is solely your responsibility. The misuse of the code in this repository can result in criminal charges brought against the persons in question. Author will not be held responsible in the event any criminal charges be brought against any individuals misusing the code in this repository to break the law.

File Snapshot


 [4.0K]  /data/pocs/c03bacfff70c9e855287167478765c05d483bc5d
├── [ 771]  README.md
└── [1.9K]  sqli.py

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!