CVE-2022-45805
published 2023-11-03
Priority P2 65 | critical 9.8 | CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.33% (81.4th percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection. This issue affects Paytm Payment Gateway: from n/a through 2.7.3.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paytm | payment_gateway | <= 2.7.3 | — |
| paytm | paytm_payment_gateway | n/a – 2.7.3 | — |
Detection & IOCs
sigma
status_code_2 == 200 AND contains(body_2, "toplevel_page_paytm")
- HTTP response body containing the string 'toplevel_page_paytm' with a 200 status code can be used to fingerprint vulnerable Paytm Payment Gateway WordPress plugin installations exposed to CVE-2022-45805 SQL injection.
- The vulnerability affects Paytm Payment Gateway WordPress plugin from n/a through version 2.7.3; versions above 2.7.3 are not affected.
No detection rules found.
Nuclei
WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection
nuclei·CVSS 9.8
CVE-2022-45805 [CRITICAL] WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection
WordPress Paytm Payment Gateway =6'
- 'status_code_2 == 200'
- 'contains(body_2, "toplevel_page_paytm")'
condition: and
# digest: 4a0a0047304502205cc5952164924885b1ef04e3bee20c0854b5d14a39652263d676f52ab4544fb8022100d5c2090ec0ca65fe6de345c055d9775872aee6bf2d46874d60f4df23c9d0f73e:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/paytm-payments/wordpress-paytm-payment-gateway-plugin-2-7-3-auth-sql-injection-sqli-vulnerability?_s_id=cve
Published: 2023-11-03