exploitDog

CVE-2017-1002018

Опубликовано: 14 сент. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.

Ссылки

http://www.vapidlabs.com/advisory.php?v=192
Exploit
Third Party Advisory
https://wordpress.org/plugins/eventr/
Third Party Advisory
http://www.vapidlabs.com/advisory.php?v=192
Exploit
Third Party Advisory
https://wordpress.org/plugins/eventr/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eventr_project:eventr:1.02.2:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 90%

0.0601

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-x9rf-69wc-h5r5

CVSS3: 9.8

github

больше 3 лет назад

Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.

EPSS

Процентиль: 90%

0.0601

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89