CVE-2021-24337

Опубликовано: 07 июн. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection.

Ссылки

https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a
Exploit
Third Party Advisory
https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:video-embed-box_project:video-embed-box:*:*:*:*:*:wordpress:*:*

Версия до 1.0 (включая)

EPSS

Процентиль: 68%

0.00582

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-9r6g-wcvh-p5j6

github

больше 3 лет назад