4 matches found
CVE-2023-5082
The CVE-2023-5082 entry concerns History Log by click5 (WordPress plugin) prior to 1.0.13. The issue is a SQL injection caused by insufficient sanitization/escaping when a parameter is used in an SQL statement, with exploitation described as admin-user-initiated via the Smash Balloon Social Photo...
CVE-2023-5082 History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection
The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it...
CVE-2023-5082 History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection
The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it...
WordPress History Log by click5 Plugin < 1.0.13 is vulnerable to SQL Injection
Software History Log by click5 Type Plugin Vulnerable versions 1.0.13 Fixed in 1.0.13 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5082 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 0a946699ae5c Credits Karolis Narvilas Required privilege...