CVE-2017-5611

Опубликовано: 30 янв. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.

Ссылки

http://www.debian.org/security/2017/dsa-3779
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/28/5
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/95816
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037731
Third Party Advisory
VDB Entry
https://codex.wordpress.org/Version_4.7.2
Release Notes
Vendor Advisory
https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
Patch
Third Party Advisory
https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Patch
Vendor Advisory
https://wpvulndb.com/vulnerabilities/8730
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Third Party Advisory
http://www.debian.org/security/2017/dsa-3779
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/28/5
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/95816
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037731
Third Party Advisory
VDB Entry
https://codex.wordpress.org/Version_4.7.2
Release Notes
Vendor Advisory
https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
Patch
Third Party Advisory
https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Patch
Vendor Advisory
https://wpvulndb.com/vulnerabilities/8730
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Версия до 4.7.1 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:oracle:data_integrator:11.1.1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08839

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2017-5611

CVSS3: 9.8

ubuntu

больше 8 лет назад

CVE-2017-5611

CVSS3: 9.8

debian

больше 8 лет назад

SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Qu ...

GHSA-r745-4v47-m5c7

CVSS3: 9.8

github

около 3 лет назад

BDU:2021-00683

CVSS3: 9.8

fstec

больше 8 лет назад

Уязвимость функции WP_Query (wp-includes/class-wp-query.php) системы управления содержимым сайта WordPress, позволяющая нарушителю выполнить произвольные SQL команды

EPSS

Процентиль: 92%

0.08839

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89