exploitDog

CVE-2022-4546

Опубликовано: 13 фев. 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

Ссылки

https://bulletin.iese.de/post/mapwiz_1-0-1/
Broken Link
https://wpscan.com/vulnerability/009578b9-016d-49c2-9577-49756c35e1e8
Exploit
Third Party Advisory
https://bulletin.iese.de/post/mapwiz_1-0-1/
Broken Link
https://wpscan.com/vulnerability/009578b9-016d-49c2-9577-49756c35e1e8
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:conceptbeans:mapwiz:*:*:*:*:*:wordpress:*:*

Версия до 1.0.1 (включая)

EPSS

Процентиль: 70%

0.00644

Низкий

7.2 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-m325-7wqx-383c

CVSS3: 7.2

github

почти 3 года назад

The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

EPSS

Процентиль: 70%

0.00644

Низкий

7.2 High

CVSS3

Дефекты

CWE-89