6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
An SQL Injection exsist in pie-register/pie-register.php. It allows the administrators to execute arbitrary SQL commands via the 1. select_invitaion_code_bulk_option or 2. invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
pie register | le | 2.0.18 |