Lucene search
K

4 matches found

Circl
Circl
added 2023/07/12 12:48 p.m.8 views

CVE-2023-3023

creationtimestamp| type| source ---|---|--- 2023-07-12 12:48:33+00:00| seen| https://t.me/cibsecurity/66508...

7.2CVSS7.6AI score0.00707EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/12 4:38 a.m.31 views

CVE-2023-3023 WP EasyCart <= 5.4.10 - Authenticated (Administrator+) SQL Injection via 'orderby'

The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.2CVSS7.3AI score0.00707EPSS
Exploits0References2
CVE
CVE
added 2023/07/12 4:38 a.m.42 views

CVE-2023-3023

CVE-2023-3023 concerns the WP EasyCart WordPress plugin. The vulnerability is a time-based SQL Injection via the vulnerable parameter “orderby” in versions up to and including 5.4.10, caused by insufficient escaping of user input and lack of proper SQL query preparation. This can allow an authent...

7.2CVSS7AI score0.00707EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/06/12 12:0 a.m.12 views

WordPress WP EasyCart Plugin <= 5.4.10 is vulnerable to SQL Injection

Software WP EasyCart Type Plugin Vulnerable versions = 5.4.10 Fixed in 5.4.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-3023 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 7fe998afdaf8 Credits Alex Thomas Required privilege Administrator Publish...

7.2CVSS6.8AI score0.00707EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder