exploitDog

CVE-2023-0037

Опубликовано: 13 мар. 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

Ссылки

https://bulletin.iese.de/post/wd-google-maps_1-0-72_1
Broken Link
https://wpscan.com/vulnerability/33ab1fe2-6611-4f43-91ba-52c56f02ed56
Exploit
Third Party Advisory
https://bulletin.iese.de/post/wd-google-maps_1-0-72_1
Broken Link
https://wpscan.com/vulnerability/33ab1fe2-6611-4f43-91ba-52c56f02ed56
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:10web:map_builder_for_google_maps:*:*:*:*:*:wordpress:*:*

Версия до 1.0.73 (исключая)

EPSS

Процентиль: 98%

0.66547

Средний

9.8 Critical

CVSS3

Дефекты

Связанные уязвимости

GHSA-6gc2-7235-x8mp

CVSS3: 9.8

github

почти 3 года назад

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

EPSS

Процентиль: 98%

0.66547

Средний

9.8 Critical

CVSS3

Дефекты