Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2020-9006
HistoryFeb 17, 2020 - 3:15 p.m.

Sql injection

2020-02-1715:15:00
PRIOn knowledge base
www.prio-n.com
3

0.012 Low

EPSS

Percentile

85.2%

JSON

The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution because Administrators can run PHP code on Wordpress instances. (This issue has been fixed in the 3.x branch of popup-builder.)

CPENameOperatorVersion
popup_builderge2.2.8
popup_builderle2.6.7.6

Related

cvelist 1
cve 1
githubexploit 1
patchstack 1
openvas 1
wpvulndb 1
nvd 1
cvelist
cvelist
CVE-2020-9006
2020-02-17 14:33:25
cve
cve
CVE-2020-9006
2020-02-17 15:15:12
githubexploit
githubexploit
Exploit for SQL Injection in Sygnoos Popup Builder
2020-07-21 05:39:58
patchstack
patchstack
WordPress Popup Builder plugin <= 2.6.7.6 - SQL injection (SQLi) vulnerability
2020-02-16 00:00:00
openvas
openvas
WordPress Popup Builder Plugin 2.2.8 < 3.0 SQL Injection Vulnerability
2020-02-25 00:00:00
wpvulndb
wpvulndb
Popup Builder < 3.0 - SQL injection via PHP Deserialization
2020-02-16 00:00:00
nvd
nvd
CVE-2020-9006
2020-02-17 15:15:12

0.012 Low

EPSS

Percentile

85.2%

JSON
Related for PRION:CVE-2020-9006
cvelist1cve1githubexploit1patchstack1openvas1wpvulndb1nvd1