CVE-2022-0658

CVE-2022-0658: CommonsBooking < 2.6.8 - Unauthenticated SQL Injection

Vendor Unknown

Product CommonsBooking

Weakness CWE-89 · SQLi

Published March 14, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection

Key dates

02Disclosure timeline

March 14, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0658

Related vulnerabilities

04Related CVE

CVE-2025-22655 WordPress CWD - Stealth Links plugin <= 1.3 - SQL Injection vulnerability CVE-2025-0861 VR-Frases (collect & share quotes) <= 3.0.1 - Authenticated (Admin+) SQL Injection CVE-2025-8329 code-projects Vehicle Management filter3.php sql injection CVE-2020-6123 CVE-2024-10196 code-projects Pharmacy Management System add_new_invoice.php sql injection