exploitDog

GHSA-8qjr-j6r8-5cw7

Опубликовано: 30 нояб. 2021

Источник: github

Github: Не прошло ревью

Описание

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks

Ссылки

EPSS

Процентиль: 68%

0.00567

Низкий

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2021-24889

CVSS3: 7.2

nvd

около 4 лет назад

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks

EPSS

Процентиль: 68%

0.00567

Низкий

CVE ID

Дефекты

CWE-89