Skip to content
/ CVE-2024-5522-Poc Public

CVE-2024-5522 HTML5 Video Player <= 2.5.26 - Unauthenticated SQL Injection

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

truonghuuphuc/CVE-2024-5522-Poc

BranchesTags

Repository files navigation

CVE-2024-5522-Poc

CVE-2024-5522 HTML5 Video Player <= 2.5.26 - Unauthenticated SQL Injection

Setup env:

  1. Install HTML5 Video Player version 2.5.24 because version have html5-video-player.2.5.24\inc\Database\Videos.php create table h5vp_videos and version >=2.5.25 database folder not found image

  2. Active HTML5 Video Player version 2.5.24 after check database

image

  1. If you test HTML5 Video Player version 2.5.26 . Use command remove folder plugin HTML5 Video Player version 2.5.24 after remove plugin check ensure table wp_h5vp_videos exists on database (note: not uninstall plugin on dashboards website)

image

  1. Install HTML5 Video Player version 2.5.26 and active

Analysis

File: wp-content/plugins/html5-video-player/inc/Rest/VideoController.php

image

Method: another_check default return true =>

image

Method: get_item

image

Poc:

Poc.mp4

About

CVE-2024-5522 HTML5 Video Player <= 2.5.26 - Unauthenticated SQL Injection

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages