Lucene search

PatchstackCVE-2024-38788

HistoryJul 22, 2024 - 11:15 a.m.

CVE-2024-38788

2024-07-2211:15:04

CWE-89

Patchstack

web.nvd.nist.gov

cve-2024-38788

sql injection

admin 2020 uipress lite

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

19.9%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.

Affected configurations

Nvd

Vulners

Node

uipressuipress_liteRange<3.4.07wordpress

VendorProductVersionCPE
uipressuipress_lite*cpe:2.3:a:uipress:uipress_lite:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
uipress	uipress_lite	*	cpe:2.3:a:uipress:uipress_lite::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "uipress-lite",
    "product": "UiPress lite",
    "vendor": "Bởi Admin 2020",
    "versions": [
      {
        "changes": [
          {
            "at": "3.4.07",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.4.06",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/uipress-lite/wordpress-uipress-lite-plugin-3-4-06-sql-injection-vulnerability?_s_id=cve

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

19.9%

JSON

Related for CVE-2024-38788