exploitDog

GHSA-xx94-r2jp-2426

Опубликовано: 10 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

Ссылки

EPSS

Процентиль: 99%

0.70646

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-0817

CVSS3: 9.8

nvd

больше 3 лет назад

The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

EPSS

Процентиль: 99%

0.70646

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89