exploitDog

CVE-2023-4797

Опубликовано: 16 янв. 2024

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.

Ссылки

https://wpscan.com/vulnerability/de169fc7-f388-4abb-ab94-12522fd1ac92/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/de169fc7-f388-4abb-ab94-12522fd1ac92/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tribulant:newsletters:*:*:*:*:*:wordpress:*:*

Версия до 4.9.3 (исключая)

EPSS

Процентиль: 68%

0.0056

Низкий

7.2 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-hjjv-gwf3-fpj2

CVSS3: 7.2

github

около 2 лет назад

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.

EPSS

Процентиль: 68%

0.0056

Низкий

7.2 High

CVSS3

Дефекты

CWE-77