exploitDog

CVE-2023-2805

Опубликовано: 19 июн. 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

Ссылки

https://wpscan.com/vulnerability/bdb75c8c-87e2-4358-ad3b-f4236e9a43c0
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/bdb75c8c-87e2-4358-ad3b-f4236e9a43c0
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:supportcandy:supportcandy:*:*:*:*:*:wordpress:*:*

Версия до 3.1.7 (исключая)

EPSS

Процентиль: 46%

0.00232

Низкий

7.2 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-433m-h5jj-8j5m

CVSS3: 7.2

github

больше 2 лет назад

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

EPSS

Процентиль: 46%

0.00232

Низкий

7.2 High

CVSS3

Дефекты