Exploit for CVE-2024-5522

Name: Exploit for CVE-2024-5522
Rating: 5 (525 reviews)
2024-05-31 | CVSS 6.5
## https://sploitus.com/exploit?id=D75D44F4-6887-5893-8B89-6923A2B68850
# CVE-2024-5522-Poc
CVE-2024-5522 HTML5 Video Player &lt;= 2.5.26 - Unauthenticated SQL Injection

Setup env:
1. Install HTML5 Video Player version 2.5.24 because version have html5-video-player.2.5.24\inc\Database\Videos.php create table h5vp_videos and version >=2.5.25  database folder not found
![image](https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/cb40facd-c24e-4bd0-bb3f-a0e321e3f963)

2. Active HTML5 Video Player version 2.5.24 after check database

![image](https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/7f6e9eaf-2dc6-407b-8407-7bce8cc40a61)

3. If you test HTML5 Video Player version 2.5.26 . Use command remove folder plugin HTML5 Video Player version 2.5.24 after remove plugin check ensure table wp_h5vp_videos exists on database (note: not uninstall plugin on dashboards website)

![image](https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/1fb594ce-a4b9-4654-bb20-1fdc922f5a4f)

4. Install HTML5 Video Player version 2.5.26 and active

Analysis

File: wp-content/plugins/html5-video-player/inc/Rest/VideoController.php

![image](https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/97e1dd11-794d-4ef7-aedf-8f0ca1324988)

Method: another_check default return true => 

![image](https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/c82c8628-9979-4c70-b84b-baa28de8dfa4)

Method: get_item

![image](https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/f86d0b4f-a0c2-41ef-a6ef-473038bbbdd5)

Poc:

https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/23725a4d-9184-4f29-9654-580302ff5030