CVE-2011-4646

Published: 30 Nov 2011
Source: nvd
CVSS2: 6
EPSS: Low

Description

SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.

Vulnerable configurations

Configuration 1

All of

One of

cpe:2.3:a:lesterchan:wp-postratings:1.50:*:*:*:*:*:*:*
cpe:2.3:a:lesterchan:wp-postratings:1.61:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

EPSS

Percentile: 54%
0.00318
Low

6 Medium

CVSS2

Weaknesses

CWE-94

Related vulnerabilities

github
about 3 years ago

SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.

EPSS

Percentile: 54%
0.00318
Low

6 Medium

CVSS2

Weaknesses

CWE-94