PT-2017-11009 · WordPress · Surveyjs
Published
2017-09-14
·
Updated
2017-09-19
·
CVE-2017-1002020
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
wordpress plugin surveys version 1.01.8
Description
The issue arises from the code in survey form.php, which fails to sanitize the
action variable before incorporating it into an SQL query. This lack of sanitization can lead to potential SQL injection issues.Recommendations
For version 1.01.8, ensure proper sanitization of the
action variable in the survey form.php file to prevent SQL injection. Consider modifying the code to validate and cleanse user-input data before it is used in SQL queries.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Surveyjs