CVE-2022-0949
CRITICAL 9.8
Description
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 4/11/2022
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
stopbadbots:block_and_stop_bad_bots
Weaknesses (CWE)
CWE-89
References
https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb (contact@wpscan.com)
https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.