exploitDog

GHSA-9q3v-827r-c9mw

Опубликовано: 30 нояб. 2021

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user

The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user

Ссылки

EPSS

Процентиль: 71%

0.00661

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2021-24755

CVSS3: 8.8

nvd

около 4 лет назад

The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user

EPSS

Процентиль: 71%

0.00661

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-89