CVE-2021-24630

Опубликовано: 08 нояб. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users as low as author

Ссылки

https://codevigilant.com/disclosure/2021/wp-plugin-schreikasten/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a0787dae-a4b7-4248-9960-aaffabfaeb9f
Exploit
Third Party Advisory
https://codevigilant.com/disclosure/2021/wp-plugin-schreikasten/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a0787dae-a4b7-4248-9960-aaffabfaeb9f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:schreikasten_project:schreikasten:*:*:*:*:*:wordpress:*:*

Версия до 0.14.18 (включая)

EPSS

Процентиль: 72%

0.00703

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-6xvw-4q6f-6756

github

больше 3 лет назад