CVE-2020-14207

Опубликовано: 08 дек. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter.

Ссылки

https://wordpress.org/plugins/divebook/#developers
Release Notes
Vendor Advisory
https://www.hooperlabs.xyz/disclosures/divebook.php
Third Party Advisory
https://wordpress.org/plugins/divebook/#developers
Release Notes
Vendor Advisory
https://www.hooperlabs.xyz/disclosures/divebook.php
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:divebook_project:divebook:1.1.4:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 82%

0.01788

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-54c6-8fc4-h2j7

github

больше 3 лет назад