Unrated severityNVD Advisory· Published May 9, 2022· Updated Aug 2, 2024
BadgeOS <= 3.7.0 - Unauthenticated SQLi
CVE-2022-0817
Description
The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- wpscan.com/vulnerability/69263610-f454-4f27-80af-be523d25659emitrex_refsource_MISC
News mentions
0No linked articles in our index yet.