exploitDog

CVE-2020-8596

Опубликовано: 11 фев. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 6

EPSS Низкий

Описание

participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).

Ссылки

https://blog.impenetrable.tech/cve-2020-8596
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10068
Third Party Advisory
https://blog.impenetrable.tech/cve-2020-8596
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10068
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xnau:participants_database:*:*:*:*:*:wordpress:*:*

Версия до 1.9.5.5 (включая)

EPSS

Процентиль: 79%

0.01311

Низкий

7.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-xw39-q6xj-4gq5

github

больше 3 лет назад

participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).

EPSS

Процентиль: 79%

0.01311

Низкий

7.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-89