exploitDog

CVE-2022-0949

Опубликовано: 11 апр. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection

Ссылки

https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:stopbadbots:block_and_stop_bad_bots:*:*:*:*:*:wordpress:*:*

Версия до 6.930 (исключая)

EPSS

Процентиль: 99%

0.69083

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-q4jm-qp48-3j3f

CVSS3: 9.8

github

почти 4 года назад

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection

EPSS

Процентиль: 99%

0.69083

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

CWE-89