CVE-2019-13575

Опубликовано: 18 июл. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php

Ссылки

https://fortiguard.com/zeroday/FG-VD-19-096
Not Applicable
https://github.com/wpeverest/everest-forms/commit/755d095fe0d9a756a13800d1513cf98219e4a3f9
Patch
https://github.com/wpeverest/everest-forms/commit/755d095fe0d9a756a13800d1513cf98219e4a3f9#diff-bb2b21ef7774df8687ff02b0284505c6
Patch
https://wordpress.org/plugins/everest-forms/#developers
Release Notes
https://wpvulndb.com/vulnerabilities/9466
Third Party Advisory
https://fortiguard.com/zeroday/FG-VD-19-096
Not Applicable
https://github.com/wpeverest/everest-forms/commit/755d095fe0d9a756a13800d1513cf98219e4a3f9
Patch
https://github.com/wpeverest/everest-forms/commit/755d095fe0d9a756a13800d1513cf98219e4a3f9#diff-bb2b21ef7774df8687ff02b0284505c6
Patch
https://wordpress.org/plugins/everest-forms/#developers
Release Notes
https://wpvulndb.com/vulnerabilities/9466
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpeverest:everest_forms:*:*:*:*:*:wordpress:*:*

Версия до 1.4.9 (включая)

EPSS

Процентиль: 84%

0.02087

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-4xpc-pfpr-85w4