exploitDog

CVE-2022-0434

Опубликовано: 07 мар. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks

Ссылки

https://wpscan.com/vulnerability/be895016-7365-4ce4-a54f-f36d0ef2d6f1
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/be895016-7365-4ce4-a54f-f36d0ef2d6f1
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:a3rev:page_view_count:*:*:*:*:*:wordpress:*:*

Версия до 2.4.15 (исключая)

EPSS

Процентиль: 100%

0.89671

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-qhcq-6xcp-843h

CVSS3: 9.8

github

почти 4 года назад

The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks

EPSS

Процентиль: 100%

0.89671

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

CWE-89