exploitDog

CVE-2022-3494

Опубликовано: 07 нояб. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML.

Ссылки

https://wpscan.com/vulnerability/71db75c0-5907-4237-884f-8db88b1a9b34
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/71db75c0-5907-4237-884f-8db88b1a9b34
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:really-simple-plugins:complianz:*:*:*:*:-:wordpress:*:*

Версия до 6.3.4 (исключая)

cpe:2.3:a:really-simple-plugins:complianz:*:*:*:*:premium:wordpress:*:*

Версия до 6.3.6 (исключая)

EPSS

Процентиль: 76%

0.00918

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-49q7-gc3f-7wp4

CVSS3: 8.8

github

больше 3 лет назад

The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML.

EPSS

Процентиль: 76%

0.00918

Низкий

8.8 High

CVSS3

Дефекты

CWE-89