Описание
The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.3 (исключая)
cpe:2.3:a:solwininfotech:user_activity_log:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 42%
0.00196
Низкий
7.2 High
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 7.2
github
больше 2 лет назад
The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.
EPSS
Процентиль: 42%
0.00196
Низкий
7.2 High
CVSS3