Lucene search
WPScanCVE-2023-0278HistoryFeb 27, 2023 - 4:15 p.m.
CVE-2023-0278
2023-02-2716:15:11
WPScan
web.nvd.nist.gov
33
geodirectory
wordpress
plugin
sql injection
nvd
cve-2023-0278
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
44.8%
The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Affected configurations
Node
wpgeodirectorygeodirectoryRange<2.2.24
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpgeodirectory | geodirectory | * | cpe:2.3:a:wpgeodirectory:geodirectory:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "GeoDirectory",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.2.24"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
GeoDirectory < 2.2.24 - Admin+ SQLi
2023-01-31 00:00:00
prion
prion
Sql injection
2023-02-27 16:15:00
cvelist
cvelist
CVE-2023-0278 GeoDirectory < 2.2.24 - Admin+ SQLi
2023-02-27 15:24:40
wpexploit
wpexploit
GeoDirectory < 2.2.24 - Admin+ SQLi
2023-01-31 00:00:00
nvd
nvd
CVE-2023-0278
2023-02-27 16:15:11
wordfence
wordfence
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
44.8%
Related for CVE-2023-0278