CVE-2024-5975

Date: 2024-07-30 06:15:03 (Jul 30, 2024 - 6:15 a.m.)
Source: WPScan
web.nvd.nist.gov
Tags: wordpress plugin, sql injection, ajax action, unauthenticated users

CVSS3: 9.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.3
Confidence: High

EPSS: 0.001
Percentile: 22.1%

The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Affected configurations

Node: loan_comparison_project loan_comparison, Range 1.1, wordpress

Vendor: loan_comparison_project
Product: loan_comparison
Version: *
CPE: cpe:2.3:a:loan_comparison_project:loan_comparison:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "CZ Loan Management",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.1"
      }
    ],
    "defaultStatus": "affected"
  }
]
