CVE-2021-4134

Sažetak

The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the ~/inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 4.7.4.

Reference

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-4134
https://support.fancyproductdesigner.com/support/discussions/topics/13000031264

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

24-02-2022 - 03:25

Objavljeno

16-02-2022 - 17:15