exploitDog

CVE-2022-0773

Опубликовано: 02 мая 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.

Ссылки

https://wpscan.com/vulnerability/55b89de0-30ed-4f98-935e-51f069faf6fc
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/55b89de0-30ed-4f98-935e-51f069faf6fc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:documentor_project:documentor:*:*:*:*:*:wordpress:*:*

Версия до 1.5.3 (включая)

EPSS

Процентиль: 99%

0.71344

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-6pm3-53cv-rpmg

CVSS3: 9.8

github

почти 4 года назад

The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.

EPSS

Процентиль: 99%

0.71344

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

CWE-89