CVE-2021-24442

Опубликовано: 12 июл. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks

Ссылки

https://wpscan.com/vulnerability/7376666e-9b2a-4239-b11f-8544435b444a
Exploit
Third Party Advisory
https://www.in-spired.xyz/wpdevart-polls-blind-sql-injection/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/7376666e-9b2a-4239-b11f-8544435b444a
Exploit
Third Party Advisory
https://www.in-spired.xyz/wpdevart-polls-blind-sql-injection/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpdevart:poll\,_survey\,_questionnaire_and_voting_system:*:*:*:*:*:wordpress:*:*

Версия до 1.5.3 (исключая)

EPSS

Процентиль: 99%

0.72516

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-rrj8-8872-rq8p

github

больше 3 лет назад