CVE-2022-1691

Опубликовано: 08 июн. 2022

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

The Realty Workstation WordPress plugin before 1.0.15 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection

Ссылки

https://bulletin.iese.de/post/realty-workstation_1-0-6
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/f9363b4c-c434-4f15-93f8-46162d2d7049
Exploit
Third Party Advisory
https://bulletin.iese.de/post/realty-workstation_1-0-6
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/f9363b4c-c434-4f15-93f8-46162d2d7049
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:realtyworkstation:realty_workstation:*:*:*:*:*:wordpress:*:*

Версия до 1.0.15 (исключая)

EPSS

Процентиль: 50%

0.00269

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-xch6-4wp4-m47p