CVE-2022-4050
Published: 2022-12-19
Priority: P1 (80) · Severity: critical · CVSS 3.1 base score: 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
In-the-wild exploitation: VulnCheck KEV (Exploited in the wild)
EPSS: 4.76% (90.8th percentile)
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| beardev | joomsport | < 5.2.8 | 5.2.8 |
Detection & IOCs (extracted from sources)
other: jscaruselcont jsview2
sigma
```yaml
title: WordPress JoomSport SQLi Detection
detection:
  selection:
    status_code: 200
  condition: and
  filter:
    - 'contains(content_type, "text/html")'
    - 'contains(body, "jscaruselcont jsview2")'
```
Source notes:
- The SQL injection in the JoomSport WordPress plugin (before 5.2.8) is exploitable by unauthenticated users; no authentication is required. Monitor for anomalous SQL syntax (e.g., quote characters, boolean/time-based payloads) in HTTP parameters targeting JoomSport plugin endpoints.
- Fingerprint JoomSport-enabled WordPress sites by checking the HTTP response body for the string 'jscaruselcont jsview2', which indicates the vulnerable plugin is active.
- The probe detection rule uses a payload containing a single quote followed by '=7'' to trigger a SQL injection error or behavioral difference; look for this pattern in web server access logs targeting JoomSport plugin parameters.
- The detection rule digest is provided for integrity verification of the rule itself. Validate that the rule file matches this digest before deployment.
- The vulnerability affects JoomSport WordPress plugin versions before 5.2.8 only. Ensure version scoping is applied when deploying detections to avoid false positives on patched installations.
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | 9.8 | CRITICAL | |
GHSA
GHSA-jw82-36j2-hqqj (ghsa_unreviewed · 2022-12-19): CVE-2022-4050 [CRITICAL] CWE-89
Title (truncated in source): The JoomSport WordPress plugin before 5
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
VulnCheck
JoomSport WordPress plugin before 5.2.8 SQL Injection (vulncheck · 2022 · CVSS 9.8): CVE-2022-4050 [CRITICAL]
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
Affected: beardev joomsport
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-13&host_type=src&vulnerability=cve-2022-4050
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-01&host_type=src&vulnerability=cve-2022-4050
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?d
No detection rules found.
Nuclei
WordPress JoomSport <5.2.8 - SQL Injection (nuclei · CVSS 9.8): CVE-2022-4050 [CRITICAL]
Template (truncated in source; only the tail of the matcher section survives):
WordPress JoomSport =7'
```yaml
      - 'status_code == 200'
      - 'contains(content_type, "text/html")'
      - 'contains(body, "jscaruselcont jsview2")'
    condition: and
# digest: 4a0a00473045022100b65456d26b2569324a2b7c38021a5da8492bc780c23467549ed5ea7143ac65a9022003e21dcb30402bed9c3639e36d2784a85cd4e85c072bf1951cde2042750926e3:922c64590222798bb761d5b6d8e72950
```
Nuclei
TOTOLink - Unauthenticated Command Injection (nuclei · CVSS 9.8): CVE-2022-25082 [CRITICAL]
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
Template (truncated in source):
```yaml
id: CVE-2022-25082
info:
  name: TOTOLink - Unauthenticated Command Injection
  author: gy741
  severity: critical
  description: |
    TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromi
```