PT-2022-19585 · Mufeng · Mufeng'S Hermit 音乐播放器 Plugin

Lenon Leite

Published

2022-04-28

Updated

2023-01-30

CVE-2022-29411

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mufeng's Hermit 音乐播放器 plugin versions <= 3.1.6

Description The issue allows attackers to execute a SQL Injection (SQLi) attack. This is done via the &id parameter.

Recommendations For Mufeng's Hermit 音乐播放器 plugin versions <= 3.1.6, consider updating to a version greater than 3.1.6 to resolve the issue. As a temporary workaround, restrict access to the &id parameter in the affected API endpoint to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2022-29411

Affected Products

Mufeng'S Hermit 音乐播放器 Plugin

PT-2022-19585 · Mufeng · Mufeng'S Hermit 音乐播放器 Plugin

CVE-2022-29411

Weakness Enumeration

Related Identifiers

Affected Products

References · 5