CVE-2019-13571

Опубликовано: 29 июл. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.

Ссылки

https://fortiguard.com/zeroday/FG-VD-19-093
Broken Link
https://github.com/beerpwn/ctf/blob/master/CVE/CVE-2019-13571/report.pdf
Exploit
Technical Description
https://github.com/beerpwn/ctf/tree/master/CVE/CVE-2019-13571
Exploit
Technical Description
https://plugins.trac.wordpress.org/changeset/2123623
Release Notes
Third Party Advisory
https://wordpress.org/plugins/advanced-cf7-db/#developers
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9479
Third Party Advisory
VDB Entry
https://fortiguard.com/zeroday/FG-VD-19-093
Broken Link
https://github.com/beerpwn/ctf/blob/master/CVE/CVE-2019-13571/report.pdf
Exploit
Technical Description
https://github.com/beerpwn/ctf/tree/master/CVE/CVE-2019-13571
Exploit
Technical Description
https://plugins.trac.wordpress.org/changeset/2123623
Release Notes
Third Party Advisory
https://wordpress.org/plugins/advanced-cf7-db/#developers
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9479
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vsourz:advanced_cf7_db:*:*:*:*:*:wordpress:*:*

Версия до 1.6.1 (включая)

EPSS

Процентиль: 86%

0.02868

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-mhj5-cwc2-fxgx