exploitDog

GHSA-xch6-4wp4-m47p

Опубликовано: 09 июн. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.9

Описание

The Realty Workstation WordPress plugin through 1.0.6 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection

The Realty Workstation WordPress plugin through 1.0.6 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection

Ссылки

EPSS

Процентиль: 50%

0.00269

Низкий

4.9 Medium

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-1691

CVSS3: 4.9

nvd

больше 3 лет назад

The Realty Workstation WordPress plugin before 1.0.15 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection

EPSS

Процентиль: 50%

0.00269

Низкий

4.9 Medium

CVSS3

CVE ID

Дефекты

CWE-89