CVE-2024-5522 Scanner
CVE-2024-5522 scanner - SQL Injection vulnerability in WordPress HTML5 Video Player
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
4 weeks
Scan only one
URL
Toolbox
-
The HTML5 Video Player plugin is widely used on WordPress websites to embed and manage video content. Web developers and site administrators rely on this plugin to provide a seamless video playback experience. It integrates easily with WordPress and offers a variety of customization options. This plugin is especially popular among content creators and bloggers. Its broad adoption makes it a critical component of many online platforms.
This scanner detects an SQL Injection vulnerability in the HTML5 Video Player WordPress plugin. The issue arises due to improper sanitization of a parameter from a REST route, allowing attackers to inject malicious SQL code. Exploiting this vulnerability could enable unauthenticated users to execute arbitrary SQL commands. This can lead to severe security breaches, including data exposure and database manipulation.
The vulnerability is found in the parameter handling of a REST route in the HTML5 Video Player plugin. Specifically, the parameter is not sanitized or escaped properly before being included in an SQL query. The endpoint /wp-json/h5vp/v1/video/0?id= is susceptible to SQL injection. An attacker can manipulate this parameter to inject SQL commands. For example, the payload ' UNION ALL SELECT ... -- - can be used to retrieve sensitive data.
If exploited, this SQL Injection vulnerability can have severe consequences. Attackers can gain unauthorized access to sensitive information stored in the database. They can manipulate or delete data, impacting the integrity and availability of the website. In extreme cases, the entire database could be compromised, leading to significant operational disruptions. Additionally, this can pave the way for further attacks, including privilege escalation and remote code execution.
By using the S4E platform, you can proactively protect your website from critical vulnerabilities like SQL Injection. Our advanced scanning capabilities help identify and mitigate security risks before they can be exploited. Stay ahead of potential threats with comprehensive vulnerability management and detailed reporting. Join our platform to enhance your website's security posture and ensure continuous protection. Benefit from our expertise and keep your digital assets safe.
References:
