exploitDog

CVE-2023-3435

Опубликовано: 14 авг. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks.

Ссылки

https://wpscan.com/vulnerability/30a37a61-0d16-46f7-b9d8-721d983afc6b
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/30a37a61-0d16-46f7-b9d8-721d983afc6b
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:solwininfotech:user_activity_log:*:*:*:*:*:wordpress:*:*

Версия до 1.6.5 (исключая)

EPSS

Процентиль: 70%

0.00631

Низкий

9.8 Critical

CVSS3

Дефекты

Связанные уязвимости

GHSA-83g3-fg3c-hpxj

CVSS3: 9.8

github

больше 2 лет назад

The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks.

EPSS

Процентиль: 70%

0.00631

Низкий

9.8 Critical

CVSS3

Дефекты