PT-2021-16175 · WordPress · Game Server Status

Neppah · Published 2021-10-25 · Updated 2021-10-27 · CVE-2021-24662

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Game Server Status WordPress plugin version 1.0

Description

The issue concerns an authenticated SQL injection in an admin page. This occurs because the server id parameter is not validated or escaped before being used in a SQL statement.

Recommendations

For Game Server Status WordPress plugin version 1.0, consider avoiding the use of the server id parameter in the affected admin page until a patch is available. As a temporary workaround, restrict access to the admin page to minimize the risk of exploitation.

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2021-24662

Affected Products

Game Server Status