Lucene search

[email protected]CVE-2023-0037

HistoryMar 13, 2023 - 5:15 p.m.

CVE-2023-0037

2023-03-1317:15:12

[email protected]

web.nvd.nist.gov

cve-2023-0037

10web map builder

wordpress plugin

sql injection

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.5%

JSON

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

VendorProductVersionCPE
10webmap_builder_for_google_maps*cpe:2.3:a:10web:map_builder_for_google_maps:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
10web	map_builder_for_google_maps	*	cpe:2.3:a:10web:map_builder_for_google_maps::::::::

References

bulletin.iese.de/post/wd-google-maps_1-0-72_1

wpscan.com/vulnerability/33ab1fe2-6611-4f43-91ba-52c56f02ed56

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.5%

JSON

Related for CVE-2023-0037

wpvulndb1 prion1 wpexploit1 cvelist1