Описание
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.
Ссылки
- Exploit
- Patch
- ExploitPatch
- Exploit
- Patch
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ostenta:yawpp:1.2:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 88%
0.03707
Низкий
6 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.
EPSS
Процентиль: 88%
0.03707
Низкий
6 Medium
CVSS2
Дефекты
CWE-89