Lucene search

[email protected]NVD:CVE-2023-6035

HistoryDec 11, 2023 - 8:15 p.m.

CVE-2023-6035

2023-12-1120:15:07

CWE-89

[email protected]

web.nvd.nist.gov

eazydocs wordpress plugin

sql injection

ajax action

security vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.3%

JSON

The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape “data” parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.

Affected configurations

Nvd

Node

spider-themeseazydocsRange<2.3.4wordpress

VendorProductVersionCPE
spider-themeseazydocs*cpe:2.3:a:spider-themes:eazydocs:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
spider-themes	eazydocs	*	cpe:2.3:a:spider-themes:eazydocs::::::wordpress::*

References

wpscan.com/vulnerability/44f5a29a-05f9-40d2-80f2-6fb2bda60d79

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.3%

JSON

Related for NVD:CVE-2023-6035

wpvulndb1 cvelist1 prion1 cve1 wpexploit1