Описание
In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues.
Ссылки
- ProductVendor Advisory
- ExploitThird Party Advisory
- ProductVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.1.0.10 (исключая)
cpe:2.3:a:ayecode:location_manager:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 78%
0.01126
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues.
EPSS
Процентиль: 78%
0.01126
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89