CVE-2022-2840

Опубликовано: 19 сент. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections

Ссылки

http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c
Exploit
Patch
Third Party Advisory
http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zephyr-one:zephyr_project_manager:*:*:*:*:*:wordpress:*:*

Версия до 3.2.5 (исключая)

EPSS

Процентиль: 90%

0.05182

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-v5j7-5w29-28r9