exploitDog

GHSA-v734-49qc-6vhm

Опубликовано: 29 мар. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users

The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users

Ссылки

EPSS

Процентиль: 99%

0.71188

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-0846

CVSS3: 9.8

nvd

почти 4 года назад

The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users

EPSS

Процентиль: 99%

0.71188

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89