Lucene search
K

6 matches found

OpenVAS
OpenVAS
added 2018/02/06 12:0 a.m.37 views

Debian: Security Advisory (DLA-1151-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS5.8AI score0.13385EPSS
Exploits5References3
Prion
Prion
added 2017/11/02 4:29 p.m.23 views

Sql injection

WordPress before 4.8.3 is affected by an issue where $wpdb-prepare can create unexpected and unsafe queries leading to potential SQL injection SQLi in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723...

7.5CVSS9.6AI score0.10357EPSS
Exploits1References8Affected Software1
Debian
Debian
added 2017/10/11 11:51 a.m.33 views

[SECURITY] [DSA 3997-1] wordpress security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3997-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 10, 2017 https://www.debian.org/security/faq -...

9.8CVSS7.6AI score0.13385EPSS
Exploits5
Debian CVE
Debian CVE
added 2017/09/23 8:0 p.m.38 views

CVE-2017-14723

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb-prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...

9.8CVSS4AI score0.10357EPSS
Exploits1
CVE
CVE
added 2017/09/23 8:0 p.m.412 views

CVE-2017-14723

CVE-2017-14723 affects WordPress versions before 4.8.2. The issue is in how $wpdb->prepare handles the use of % characters and placeholder values, allowing potential SQL injection via plugins/themes. Impact is significant (high/critical in CVSS metrics), requiring updating to WordPress 4.8.2 o...

9.8CVSS9.7AI score0.10357EPSS
In wildExploits1References10Affected Software1
Cvelist
Cvelist
added 2017/09/23 8:0 p.m.34 views

CVE-2017-14723

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb-prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...

9.8AI score0.10357EPSS
Exploits1References10
Rows per page
Query Builder