CVE-2024-30486

2024-03-2914:15:10

CWE-89

[email protected]

web.nvd.nist.gov

cve-2024-30486

improper neutralization

special elements

sql command

vulnerability

max foundry media library folders

media library folders 8.1.7

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

9.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through 8.1.7.

Affected configurations

Vulners

Node

max_foundrymedia_library_foldersRange≤8.1.7

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "media-library-plus",
    "product": "Media Library Folders",
    "vendor": "Max Foundry",
    "versions": [
      {
        "changes": [
          {
            "at": "8.1.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "8.1.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]