exploitDog

GHSA-79q2-v554-rhr4

Опубликовано: 14 июн. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users

Ссылки

EPSS

Процентиль: 98%

0.64426

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-0786

CVSS3: 9.8

nvd

больше 3 лет назад

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users

EPSS

Процентиль: 98%

0.64426

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89