CVE-2021-24844

Sažetak

The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue

Reference

https://plugins.trac.wordpress.org/changeset/2611862/
https://wpscan.com/vulnerability/ebd6d13c-572e-4861-b7d1-a7a87332ce0d

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

13-11-2021 - 04:04

Objavljeno

08-11-2021 - 18:15