exploitDog

GHSA-fw4m-gxhm-8fj4

Опубликовано: 14 июн. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

Ссылки

EPSS

Процентиль: 99%

0.71988

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-0827

CVSS3: 9.8

nvd

больше 3 лет назад

The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

EPSS

Процентиль: 99%

0.71988

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89