CVE-2022-0267

CVE-2022-0267: AdRotate < 5.8.22 - Admin+ SQL Injection

Vendor Unknown

Product AdRotate – Ad manager & AdSense Ads

Weakness CWE-89 · SQLi

Published March 7, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection

Key dates

02Disclosure timeline

March 7, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0267 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2024-2272 keerti1924 Online-Book-Store-Website HTTP POST Request home.php sql injection CVE-2023-40254 CVE-2025-3350 PHPGurukul Old Age Home Management System view-enquiry.php sql injection CVE-2025-4503 Campcodes Sales and Inventory System customer_update.php sql injection CVE-2024-9296 SourceCodester Advocate Office Management System forgot_pass.php sql injection