Lucene search
WpvulndbWPVDB-ID:2B5860F1-F029-496A-A479-082B78C5BDA4HistoryDec 23, 2023 - 12:00 a.m.
My Calendar < 3.4.22 - Unauthenticated SQL Injection
2023-12-2300:00:00
wpscan.com
27
wordpress
sql injection
unauthenticated attackers
database security
version 3.4.21
Description The My Calendar plugin for WordPress is vulnerable to [blind|generic|time-based] SQL Injection via the ‘from’ and ‘to’ parameters of the ‘/my-calendar/v1/events’ rest route in all versions up to, and including, 3.4.21 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 3.4.22 |
Related
nuclei
nuclei
WordPress My Calendar <3.4.22 - SQL Injection
2024-01-31 11:07:22
cve
cve
CVE-2023-6360
2023-11-30 16:15:11
cvelist
cvelist
CVE-2023-6360
2023-11-30 15:17:14
prion
prion
Sql injection
2023-11-30 16:15:00
nvd
nvd
CVE-2023-6360
2023-11-30 16:15:11
7.6 High
AI Score
Confidence
Low
0.011 Low
EPSS
Percentile
84.8%
Related for WPVDB-ID:2B5860F1-F029-496A-A479-082B78C5BDA4