exploitDog

CVE-2017-16955

Опубликовано: 27 нояб. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.

Ссылки

https://packetstormsecurity.com/files/145059/WordPress-In-Link-1.0-SQL-Injection.html
Third Party Advisory
VDB Entry
https://wpvulndb.com/vulnerabilities/8962
Third Party Advisory
https://packetstormsecurity.com/files/145059/WordPress-In-Link-1.0-SQL-Injection.html
Third Party Advisory
VDB Entry
https://wpvulndb.com/vulnerabilities/8962
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:inlinks_project:inlinks:1.0:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 70%

0.00639

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-f483-r579-gvcq

CVSS3: 8.8

github

больше 3 лет назад

SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.

EPSS

Процентиль: 70%

0.00639

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89