CVE-2024-9475 - CERT CVE
ID CVE-2024-9475
Sažetak The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the order_by parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Reference
CVSS
Base: 4.9
Impact: 3.6
Exploitability:1.2
Pristup
VektorSloženostAutentikacija
NETWORK LOW HIGH
Impact
PovjerljivostCjelovitostDostupnost
HIGH NONE NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Zadnje važnije ažuriranje 28-10-2024 - 13:58
Objavljeno 26-10-2024 - 03:15