3 matches found
CVE-2023-3211
The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2023-3211
CVE-2023-3211 affects the WordPress Database Administrator plugin (versions ≤ 1.0.3). An unauthenticated AJAX action uses an unsanitized/uncescaped parameter in a SQL statement, enabling SQL injection with high impact (C/H/I/A). Public sources in the provided documents indicate the vulnerability ...
WordPress WP Database Administrator Plugin <= 1.0.3 is vulnerable to SQL Injection
Software WP Database Administrator Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-3211 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 53fe9995f076 Credits Christiaan Swiers Required privilege...