cbcvebase.
CVE-2022-45805
published 2023-11-03

CVE-2022-45805: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL…

PriorityP265critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
2.33%
81.4th percentile
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3.

Affected

2 ranges
VendorProductVersion rangeFixed in
paytmpayment_gateway<= 2.7.3
paytmpaytm_payment_gatewayn/a – 2.7.3

Detection & IOCsextracted from sources · hover to see the quote

sigma
status_code_2 == 200 AND contains(body_2, "toplevel_page_paytm")
  • HTTP response body containing the string 'toplevel_page_paytm' with a 200 status code can be used to fingerprint vulnerable Paytm Payment Gateway WordPress plugin installations exposed to CVE-2022-45805 SQL injection.
  • ·The vulnerability affects Paytm Payment Gateway WordPress plugin from n/a through version 2.7.3; versions above 2.7.3 are not affected.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.