exploitDog

CVE-2023-0098

Опубликовано: 13 фев. 2023

Источник: nvd

CVSS3: 8.8

CVSS3: 7.7

EPSS Низкий

Описание

The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber.

Ссылки

https://wpscan.com/vulnerability/db0b3275-40df-404e-aa8d-53558f0122d8
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/db0b3275-40df-404e-aa8d-53558f0122d8
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:getlasso:simple_urls:*:*:*:*:*:wordpress:*:*

Версия до 115 (исключая)

EPSS

Процентиль: 68%

0.00578

Низкий

8.8 High

CVSS3

7.7 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-37j5-fv6r-vwgr

CVSS3: 8.8

github

почти 3 года назад

The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber.

EPSS

Процентиль: 68%

0.00578

Низкий

8.8 High

CVSS3

7.7 High

CVSS3

Дефекты