PT-2020-15680 · Vinoj Cardoza · Vinoj Cardoza Wordpress Poll Plugin
Published: 2020-08-26 · Updated: 2024-02-14
CVE-2020-24315
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Vinoj Cardoza WordPress Poll Plugin versions prior to v37
Description
The issue allows users to execute SQL statements by crafting specific input, potentially leading to the dumping of the entire target's database. This is due to a lack of user input escaping, specifically in the pollid POST parameter.
Recommendations
For Vinoj Cardoza WordPress Poll Plugin versions prior to v37, update to version v37 or later to resolve the issue. As a temporary workaround, consider restricting access to the pollid parameter in the affected POST request until a patch is available.
Exploit
Fix
SQL injection
Affected Products
Vinoj Cardoza Wordpress Poll Plugin