CVE-2017-1002025

Sažetak

Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.

Reference

http://www.vapidlabs.com/advisory.php?v=196
https://wordpress.org/plugins/add-edit-delete-listing-for-member-module/

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

21-09-2017 - 18:02

Objavljeno

14-09-2017 - 13:29