PT-2019-8528 · Jtrt · Jtrt Responsive Tables

Published

2019-09-10

Updated

2019-09-10

CVE-2017-18597

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions jtrt-responsive-tables plugin versions prior to 4.1.2

Description The issue concerns SQL Injection via the tableId parameter in the admin/class-jtrt-responsive-tables-admin.php file. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For versions prior to 4.1.2, update to version 4.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the tableId parameter in the admin/class-jtrt-responsive-tables-admin.php file until the update is applied.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-18597

Affected Products

Jtrt Responsive Tables

PT-2019-8528 · Jtrt · Jtrt Responsive Tables

CVE-2017-18597

Weakness Enumeration

Related Identifiers

Affected Products

References · 6