CVE-2020-11530

Sažetak

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.

Reference

http://packetstormsecurity.com/files/157607/WordPress-ChopSlider-3-SQL-Injection.html
http://packetstormsecurity.com/files/157655/WordPress-ChopSlider3-3.4-SQL-Injection.html
http://seclists.org/fulldisclosure/2020/May/26
https://github.com/idangerous/Plugins/tree/master/Chop%20Slider%203
https://idangero.us/

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

13-05-2020 - 13:29

Objavljeno

08-05-2020 - 20:15