Lucene search

[email protected]CVE-2017-9603

HistoryJun 13, 2017 - 6:29 p.m.

CVE-2017-9603

2017-06-1318:29:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2017-9603

sql injection

wp jobs plugin

vulnerability

wordpress

authenticated users

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.8%

JSON

SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.

Affected configurations

NVD

Node

intensewpwp_jobsRange≤1.4wordpress

CPENameOperatorVersion
intensewp:wp_jobsintensewp wp jobsle1.4

CPE	Name	Operator	Version
intensewp:wp_jobs	intensewp wp jobs	le	1.4

References

wordpress.org/plugins/wp-jobs/#developers

wpvulndb.com/vulnerabilities/8847

www.exploit-db.com/exploits/42172/

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.8%

JSON

Related for CVE-2017-9603

packetstorm1 zdt1 exploitpack1 nvd1 patchstack1 prion1 cvelist1 wpvulndb1 exploitdb1