exploitDog

CVE-2022-0411

Опубликовано: 28 фев. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection

Ссылки

https://plugins.trac.wordpress.org/changeset/2669226/asgaros-forum
Release Notes
Third Party Advisory
https://wpscan.com/vulnerability/35272197-c973-48ad-8405-538bfbafa172
Exploit
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2669226/asgaros-forum
Release Notes
Third Party Advisory
https://wpscan.com/vulnerability/35272197-c973-48ad-8405-538bfbafa172
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:asgaros:asgaros_forum:*:*:*:*:*:wordpress:*:*

Версия до 2.0.0 (исключая)

EPSS

Процентиль: 80%

0.01423

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-787f-w67j-6pv7

CVSS3: 8.8

github

почти 4 года назад

The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection

EPSS

Процентиль: 80%

0.01423

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89