exploitDog

CVE-2022-0771

Опубликовано: 02 мая 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections

Ссылки

https://wpscan.com/vulnerability/6139e732-88f2-42cb-9dc3-42ad49731e75
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/6139e732-88f2-42cb-9dc3-42ad49731e75
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:marketingheroes:sitesupercharger:*:*:*:*:*:wordpress:*:*

Версия до 5.2.0 (исключая)

EPSS

Процентиль: 75%

0.00865

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-wrqp-p28p-h7qr

CVSS3: 9.8

github

почти 4 года назад

The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections

EPSS

Процентиль: 75%

0.00865

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89