exploitDog

GHSA-9f8r-5w33-c7jx

Опубликовано: 10 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

Ссылки

EPSS

Процентиль: 99%

0.77316

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-0826

CVSS3: 9.8

nvd

больше 3 лет назад

The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

EPSS

Процентиль: 99%

0.77316

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89