Lucene search

[email protected]NVD:CVE-2018-1000511

HistoryJun 26, 2018 - 4:29 p.m.

CVE-2018-1000511

2018-06-2616:29:00

CWE-732

[email protected]

web.nvd.nist.gov

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

40.6%

JSON

WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2.

Affected configurations

Nvd

Node

wpulikeulikeMatch2.8.1wordpress

wpulikeulikeMatch3.1wordpress

VendorProductVersionCPE
wpulikeulike2.8.1cpe:2.3:a:wpulike:ulike:2.8.1:*:*:*:*:wordpress:*:*
wpulikeulike3.1cpe:2.3:a:wpulike:ulike:3.1:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpulike	ulike	2.8.1	cpe:2.3:a:wpulike:ulike:2.8.1:::::wordpress::
wpulike	ulike	3.1	cpe:2.3:a:wpulike:ulike:3.1:::::wordpress::

References

advisories.dxw.com/advisories/wp-ulike-delete-rows/

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

40.6%

JSON

Related for NVD:CVE-2018-1000511

prion1 cvelist1 cve1