exploitDog

CVE-2021-26609

Опубликовано: 26 окт. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A vulnerability was found in Mangboard(WordPress plugin). A SQL-Injection vulnerability was found in order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information.

Ссылки

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36292
Third Party Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36292
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mangboard:mang_board:*:*:*:*:*:wordpress:*:*

Версия до 2.0.0 (исключая)

EPSS

Процентиль: 70%

0.00647

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-wxc6-647p-vgf6

github

больше 3 лет назад

A vulnerability was found in Mangboard(WordPress plugin). A SQL-Injection vulnerability was found in order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information.

EPSS

Процентиль: 70%

0.00647

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

CWE-89