PT-2018-9608 · WordPress · Wordpress Arigato Autoresponder/News Letter

Larry W. Cashdollar

Publicado

2018-12-03

Atualizado

2018-12-27

CVE-2018-1002000

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WordPress Arigato Autoresponder and Newsletter version 2.5.1.8

Description: The issue is related to a blind SQL injection vulnerability that can be exploited via the del ids variable by sending a POST request. This vulnerability requires administrative privileges to exploit.

Recommendations: For WordPress Arigato Autoresponder and Newsletter version 2.5.1.8, consider restricting access to the del ids variable to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the del ids variable in POST requests to prevent potential SQL injection attacks.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2018-1002000

Produtos afetados

Wordpress Arigato Autoresponder/News Letter

PT-2018-9608 · WordPress · Wordpress Arigato Autoresponder/News Letter

CVE-2018-1002000

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5