PT-2017-17905 · WordPress · Spider Event Calendar

Publicado

2017-04-12

Atualizado

2017-04-20

CVE-2017-7719

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Spider Event Calendar plugin versions prior to 1.5.52

Description The issue is related to SQL injection in the Spider Event Calendar plugin for WordPress. It is exploitable through the order by parameter in files such as "calendar functions.php" or "widget Theme functions.php", which is related to "front end/frontend functions.php".

Recommendations For versions prior to 1.5.52, update to version 1.5.52 or later to resolve the issue. As a temporary workaround, consider restricting access to the order by parameter in the affected API endpoints until a patch is available.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2017-7719

Produtos afetados

Spider Event Calendar

PT-2017-17905 · WordPress · Spider Event Calendar

CVE-2017-7719

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4