Lucene search

K
cve[email protected]CVE-2024-30498
HistoryMar 29, 2024 - 2:15 p.m.

CVE-2024-30498

2024-03-2914:15:13
CWE-89
web.nvd.nist.gov
29
cve-2024-30498
sql injection
crm perks forms

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

9.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4.

Affected configurations

Vulners
Node
crm_perkscrm_perks_formsRange1.1.4

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "crm-perks-forms",
    "product": "CRM Perks Forms",
    "vendor": "CRM Perks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.1.5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.1.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

9.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVE-2024-30498