GHSA-wp8f-r7rg-qrpg

Published: 14 Dec 2021
Source: github
Github: Not reviewed
CVSS3: 8.8

Description

The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin through 2.7, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection

EPSS

Percentile: 72%
0.00703
Low

8.8 High

CVSS3

Weaknesses

CWE-89

Related vulnerabilities

CVSS3: 8.8
nvd
about 4 years ago

The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection
