Lucene search

[email protected]CVE-2018-11309

HistoryMay 28, 2018 - 4:29 p.m.

CVE-2018-11309

2018-05-2816:29:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2018-11309

blind sql injection

membermouse plugin

wordpress

unauthenticated attacker

mysql database

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.5%

JSON

Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request.

Affected configurations

NVD

Node

membermousemembermouseRange<2.2.8wordpress

CPENameOperatorVersion
membermouse:membermousemembermouselt2.2.8

CPE	Name	Operator	Version
membermouse:membermouse	membermouse	lt	2.2.8

References

blog.riccardoancarani.it/cve-2018-11309-blind-sql-injection-in-membermouse-plugin/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.5%

JSON

Related for CVE-2018-11309

cvelist1 wpvulndb1 prion1 nvd1