exploitDog

CVE-2022-1023

Опубликовано: 11 апр. 2022

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file

Ссылки

https://plugins.trac.wordpress.org/changeset/2696254
Patch
Third Party Advisory
https://wpscan.com/vulnerability/163069cd-98a8-4cfb-8b58-a6727a7d5c48
Exploit
Patch
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2696254
Patch
Third Party Advisory
https://wpscan.com/vulnerability/163069cd-98a8-4cfb-8b58-a6727a7d5c48
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:secondlinethemes:podcast_importer_secondline:*:*:*:*:*:wordpress:*:*

Версия до 1.3.8 (исключая)

EPSS

Процентиль: 68%

0.00567

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-5qj4-c6xg-8vx4

CVSS3: 7.2

github

почти 4 года назад

The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file

EPSS

Процентиль: 68%

0.00567

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89