PT-2017-11010 · WordPress · Surveyjs

Larry W. Cashdollar

Published

2017-09-14

Updated

2017-09-18

CVE-2017-1002021

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions wordpress plugin surveys version 1.01.8

Description The issue arises from the code in individual responses.php, which fails to sanitize the survey id variable before using it in an SQL query.

Recommendations For version 1.01.8, ensure proper sanitization of the survey id variable in the individual responses.php file to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the individual responses.php file until a proper fix is applied.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-1002021

Affected Products

Surveyjs

PT-2017-11010 · WordPress · Surveyjs

CVE-2017-1002021

Weakness Enumeration

Related Identifiers

Affected Products

References · 5