From db61f8a095d7b8a2111fd5c178763cd5a8cde78e Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Tue, 25 Jun 2024 13:21:11 +0530 Subject: [PATCH] updated info --- http/cves/2024/CVE-2024-3922.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/http/cves/2024/CVE-2024-3922.yaml b/http/cves/2024/CVE-2024-3922.yaml index 1b902ca27b..b0552b2350 100644 --- a/http/cves/2024/CVE-2024-3922.yaml +++ b/http/cves/2024/CVE-2024-3922.yaml @@ -1,22 +1,23 @@ id: CVE-2024-3922 info: - name: Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection + name: Dokan Pro <= 3.10.3 - SQL Injection author: securityforeveryone severity: critical description: | The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. impact: | Unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. - remediation: Fixed in 3.11.0 + remediation: | + Fixed in 3.11.0 reference: - - https://nvd.nist.gov/vuln/detail/CVE-2024-3922 - https://dokan.co/docs/wordpress/changelog/ + - https://nvd.nist.gov/vuln/detail/CVE-2024-3922 metadata: verified: true - max-request: 1 + max-request: 2 publicwww-query: "/wp-content/plugins/dokan-pro/" - tags: cve,cve2024,dokan,wp-plugin,wordpress,wp,dokan-pro + tags: cve,cve2024,dokan,wp-plugin,wordpress,wp,dokan-pro,sqli flow: http(1) && http(2)