CVE-2023-0234

Опубликовано: 06 фев. 2023

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.

Ссылки

https://github.com/namah-age/CVEs/blob/master/1.md
Third Party Advisory
https://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1
Exploit
Third Party Advisory
https://www.siteground.com/viewtos/responsible_disclosure_policy?scid=4&lang=en
Issue Tracking
https://github.com/namah-age/CVEs/blob/master/1.md
Third Party Advisory
https://wpscan.com/vulnerability/acf3e369-1290-4b3f-83bf-2209b9dd06e1
Exploit
Third Party Advisory
https://www.siteground.com/viewtos/responsible_disclosure_policy?scid=4&lang=en
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:siteground:siteground_security:*:*:*:*:*:wordpress:*:*

Версия до 1.3.1 (исключая)

EPSS

Процентиль: 95%

0.16195

Средний

8.8 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-x4xc-8g7v-c85h