Lucene search

[email protected]CVE-2023-40215

HistoryNov 04, 2023 - 12:15 a.m.

CVE-2023-40215

2023-11-0400:15:08

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-40215

sql injection

demonisblack

demon image annotation

vulnerability

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1.

Affected configurations

Vulners

NVD

Node

demonisblackdemon_image_annotationRange≤5.1

CPENameOperatorVersion
superwhite:demon_image_annotationsuperwhite demon image annotationle5.1

CPE	Name	Operator	Version
superwhite:demon_image_annotation	superwhite demon image annotation	le	5.1

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "demon-image-annotation",
    "product": "demon image annotation",
    "vendor": "Demonisblack",
    "versions": [
      {
        "lessThanOrEqual": "5.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/demon-image-annotation/wordpress-demon-image-annotation-plugin-5-1-sql-injection-vulnerability?_s_id=cve

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for CVE-2023-40215

cvelist1 nvd1 prion1 wordfence1