PT-2023-21885 · WordPress · Formidable Pro2Pdf Wordpress Plugin

Joshua Martinelle

Publicado

2023-03-22

Atualizado

2023-03-28

CVE-2023-28663

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Formidable PRO2PDF WordPress Plugin versions prior to 3.11

Description The issue is an authenticated SQL injection vulnerability. It affects the fieldmap parameter in the fpropdf export file action.

Recommendations For versions prior to 3.11, update to version 3.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the fpropdf export file action to minimize the risk of exploitation. Avoid using the fieldmap parameter in the affected action until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-28663

Produtos afetados

Formidable Pro2Pdf Wordpress Plugin

PT-2023-21885 · WordPress · Formidable Pro2Pdf Wordpress Plugin

CVE-2023-28663

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4