WRITEUP #2972

CVE-2022-0478 - WooCommerce Event-Manager Plugin SQL Injection

SQL InjectionSecurity code review

by@castilho101(Castilho)

Program

Automattic (WooCommerce)

Published

Feb 16, 2022

Added to HackDex

May 8, 2023

Read Full Writeuphttps://web.archive.org/web/20220217212342/https://castilho101.github.io/posts/cve-2022-0478-woocommerce-event-manager-plugin-sql-injection/

▸ RELATED WRITEUPS

Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670

SQL InjectionReverse engineering

Exploiting authorization by nonce in WordPress plugins

RCEArbitrary file upload

Directory Traversal, SQL Injection and Server-Side Request Forgery

SQL InjectionPath traversal

Getting code execution on Veeam through CVE-2023-27532

RCEInsecure deserialization

Spip Preauth RCE 2024: Part 2, A Big Upload

RCEFile upload

Built with ❤️ by Shubham Rawat