Description
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
References
- Patch, Third Party Advisory
- Exploit, Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 4.3.8 (excluding)
cpe:2.3:a:quantumcloud:infographic_maker:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 100%
0.90001
Critical
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 9.8
github
almost 4 years ago
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection