Enhancement: cves/2018/CVE-2018-16159.yaml by md
parent
a08cf5053f
commit
dbdbc48cd5
|
@ -1,17 +1,17 @@
|
|||
id: CVE-2018-16159
|
||||
|
||||
info:
|
||||
name: Gift Voucher < 4.1.8 - Unauthenticated Blind SQL Injection
|
||||
name: WordPress Gift Voucher <4.1.8 - Blind SQL Injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
|
||||
WordPress Gift Vouchers plugin before 4.1.8 contains a blind SQL injection vulnerability via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/9117
|
||||
- https://wordpress.org/plugins/gift-voucher/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16159
|
||||
- https://www.exploit-db.com/exploits/45255/
|
||||
remediation: Fixed in version 4.1.8
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16159
|
||||
remediation: Fixed in version 4.1.8.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
@ -39,3 +39,5 @@ requests:
|
|||
- 'contains(content_type, "application/json")'
|
||||
- 'contains(body, "images") && contains(body, "title")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/03/13
|
||||
|
|
Loading…
Reference in New Issue