exploitDog

CVE-2022-1182

Опубликовано: 16 мая 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections

Ссылки

https://wpscan.com/vulnerability/01d108bb-d134-4651-9c74-babcc88da177
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/01d108bb-d134-4651-9c74-babcc88da177
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:visual_slide_box_builder_project:visual_slide_box_builder:*:*:*:*:*:wordpress:*:*

Версия до 3.2.9 (включая)

EPSS

Процентиль: 72%

0.00703

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-6xq7-pgjf-qf76

CVSS3: 8.8

github

больше 3 лет назад

The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections

EPSS

Процентиль: 72%

0.00703

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89