Lucene search
PatchstackCVE-2023-49166HistoryDec 20, 2023 - 6:15 p.m.
CVE-2023-49166
2023-12-2018:15:12
CWE-89
Patchstack
web.nvd.nist.gov
48
cve-2023-49166
sql injection
magic logix msync
nvd
security vulnerability
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.001
Percentile
19.3%
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Magic Logix MSync.This issue affects MSync: from n/a through 1.0.0.
Affected configurations
Node
magiclogixmsyncRange≤1.0.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| magiclogix | msync | cpe:/a:magiclogix:msync:::: |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "msync",
"product": "MSync",
"vendor": "Magic Logix",
"versions": [
{
"lessThanOrEqual": "1.0.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection
2023-12-08 00:00:00
nvd
nvd
CVE-2023-49166
2023-12-20 18:15:12
prion
prion
Sql injection
2023-12-20 18:15:00
cvelist
cvelist
wordfence
wordfence
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.001
Percentile
19.3%
Related for CVE-2023-49166