Описание
The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.1 (исключая)
cpe:2.3:a:getcloudsms:joy_of_text_lite:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 89%
0.0435
Низкий
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 9.8
github
около 3 лет назад
The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection
EPSS
Процентиль: 89%
0.0435
Низкий
9.8 Critical
CVSS3