wpvulndb: WPVDB-ID:8E5C6259-F7D6-474D-932B-A5D186B94C2A
Feb 02, 2024 - 12:00 a.m.

Ninja Forms Contact Form < 3.7.2 - Unauthenticated Second Order SQL Injection

2024-02-02 00:00:00
wpscan.com
Tags: ninja forms, sql injection, unauthenticated attackers, personal data export, vulnerability, security issue

AI Score: 8
Confidence: Low
EPSS: 0.001
Percentile: 29.7%

Description

The plugin is vulnerable to Second Order SQL Injection via the email address value submitted through forms, due to insufficient escaping of the user-supplied parameter and insufficient preparation of the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address, which is appended to the already existing query when an administrator triggers a personal data export.
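
A minimal model of the second-order pattern described above, added here as an illustration; it is not Ninja Forms code. The `submissions` table, the function names and the sample rows are constructed, and Python's `sqlite3` stands in for the WordPress database layer. It shows the export query built by concatenation beside the same query with the stored value bound as a parameter.

```python
import re
import sqlite3

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def make_db():
    """In-memory stand-in for a form-submission table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE submissions (id INTEGER PRIMARY KEY, email TEXT, message TEXT)")
    # Constructed sample rows. The INSERT is parameterized, so the hostile
    # value is stored verbatim and does no harm at write time.
    db.executemany(
        "INSERT INTO submissions (email, message) VALUES (?, ?)",
        [("alice@example.com", "alice's ticket"),
         ("bob@example.com", "bob's ticket"),
         ("x' OR '1'='1", "constructed hostile submission")],
    )
    return db

def stored_email(db, submission_id):
    """Read the email back from storage, as an export job would."""
    row = db.execute("SELECT email FROM submissions WHERE id = ?", (submission_id,)).fetchone()
    return row[0]

def export_unsafe(db, submission_id):
    """Second-order flaw: a value read back from the database is trusted
    and concatenated into a new query."""
    email = stored_email(db, submission_id)
    sql = "SELECT message FROM submissions WHERE email = '" + email + "' ORDER BY id"
    return [r[0] for r in db.execute(sql)]

def export_safe(db, submission_id):
    """Same export with the stored value bound as a parameter."""
    email = stored_email(db, submission_id)
    sql = "SELECT message FROM submissions WHERE email = ? ORDER BY id"
    return [r[0] for r in db.execute(sql, (email,))]

def accept_email(value):
    """Write-time validation as defense in depth. Apostrophes are legal in
    real addresses, so binding at query time remains the actual fix."""
    return bool(EMAIL_RE.match(value))

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", export_unsafe(db, 3))  # rows belonging to every submitter
    print("safe:  ", export_safe(db, 3))    # only the matching row
    print("valid? ", accept_email("x' OR '1'='1"))
```

The write path here is already parameterized, which is why the flaw only surfaces later: any query that reuses stored user data has to bind it as well.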
