Lucene search

K
cve[email protected]CVE-2014-2316
HistoryMar 09, 2014 - 1:16 p.m.

CVE-2014-2316

2014-03-0913:16:57
CWE-89
web.nvd.nist.gov
19
cve-2014-2316
sql injection
vulnerability
search everything plugin
wordpress
remote attackers
arbitrary sql commands
index.php
nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

10 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.5%

SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD
Node
zemantasearch_everythingMatch7.0.2wordpress
AND
wordpresswordpressMatch-

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

10 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.5%