From 1d01b279795e611390bc0e874f89a3c57a86ab86 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Wed, 29 May 2024 13:26:16 +0530 Subject: [PATCH] minor update --- http/cves/2024/CVE-2024-3495.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/http/cves/2024/CVE-2024-3495.yaml b/http/cves/2024/CVE-2024-3495.yaml index d057c9feac..076e2dc12d 100644 --- a/http/cves/2024/CVE-2024-3495.yaml +++ b/http/cves/2024/CVE-2024-3495.yaml @@ -3,21 +3,25 @@ id: CVE-2024-3495 info: name: Wordpress Country State City Dropdown <=2.7.2 - SQL Injection author: apple - severity: high + severity: critical description: | The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. reference: - https://sploitus.com/exploit?id=EDF4B3F8-DDF4-5196-A375-EC81B8BC18F1&utm_source=rss&utm_medium=rss - https://github.com/truonghuuphuc/CVE-2024-3495-Poc - https://nvd.nist.gov/vuln/detail/CVE-2024-3495 + - https://plugins.trac.wordpress.org/browser/country-state-city-auto-dropdown/trunk/includes/ajax-actions.php#L22 + - https://plugins.trac.wordpress.org/browser/country-state-city-auto-dropdown/trunk/includes/ajax-actions.php#L8 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-3495 cwe-id: CWE-89 + epss-score: 0.00065 + epss-percentile: 0.28393 metadata: - max-request: 2 verified: true + max-request: 2 publicwww-query: "/wp-content/plugins/country-state-city-auto-dropdown" tags: cve,cve2024,wp,wp-plugin,wordpress,sqli