exploitDog

GHSA-5cp7-rvwq-5jc9

Опубликовано: 17 окт. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.2

Описание

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin

Ссылки

EPSS

Процентиль: 67%

0.00537

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-3243

CVSS3: 7.2

nvd

больше 3 лет назад

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin

EPSS

Процентиль: 67%

0.00537

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-89