## https://sploitus.com/exploit?id=D75D44F4-6887-5893-8B89-6923A2B68850
# CVE-2024-5522-Poc
CVE-2024-5522 HTML5 Video Player <= 2.5.26 - Unauthenticated SQL Injection
Setup env:
1. Install HTML5 Video Player version 2.5.24 because version have html5-video-player.2.5.24\inc\Database\Videos.php create table h5vp_videos and version >=2.5.25 database folder not found
![image](https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/cb40facd-c24e-4bd0-bb3f-a0e321e3f963)
2. Active HTML5 Video Player version 2.5.24 after check database
![image](https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/7f6e9eaf-2dc6-407b-8407-7bce8cc40a61)
3. If you test HTML5 Video Player version 2.5.26 . Use command remove folder plugin HTML5 Video Player version 2.5.24 after remove plugin check ensure table wp_h5vp_videos exists on database (note: not uninstall plugin on dashboards website)
![image](https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/1fb594ce-a4b9-4654-bb20-1fdc922f5a4f)
4. Install HTML5 Video Player version 2.5.26 and active
Analysis
File: wp-content/plugins/html5-video-player/inc/Rest/VideoController.php
![image](https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/97e1dd11-794d-4ef7-aedf-8f0ca1324988)
Method: another_check default return true =>
![image](https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/c82c8628-9979-4c70-b84b-baa28de8dfa4)
Method: get_item
![image](https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/f86d0b4f-a0c2-41ef-a6ef-473038bbbdd5)
Poc:
https://github.com/truonghuuphuc/CVE-2024-5522-Poc/assets/20487674/23725a4d-9184-4f29-9654-580302ff5030