CVE-2015-9452

Sažetak

The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.

Reference

http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html
https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers
https://wpvulndb.com/vulnerabilities/8336
http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html
https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers
https://wpvulndb.com/vulnerabilities/8336

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-01-2025 - 18:26

Objavljeno

07-10-2019 - 15:15