PT-2017-11011 · WordPress · Surveyjs
Published
2017-09-14
·
Updated
2017-09-18
·
CVE-2017-1002022
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
wordpress plugin surveys version 1.01.8
Description
The issue arises from the code in questions.php, which fails to sanitize the
survey variable before incorporating it into an SQL query. This lack of sanitization can lead to potential SQL injection issues.Recommendations
For version 1.01.8, consider updating the questions.php file to properly sanitize the
survey variable before it is used in SQL queries to prevent potential SQL injection attacks.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Surveyjs