PT-2022-9021 · Modern Tribe · Modern Tribe Panel Builder Plugin
Defunctl
·
Published
2022-12-24
·
Updated
2023-01-13
·
CVE-2020-36626
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Modern Tribe Panel Builder Plugin (affected versions not specified)
Description
A critical vulnerability has been found in the Modern Tribe Panel Builder Plugin, affecting the
add post content filtered to search sql function of the ModularContent/SearchFilter.php file. This leads to sql injection and can be launched remotely. The exploit has been disclosed to the public.Recommendations
To fix this issue, it is recommended to apply a patch. Specifically, the patch named
4528d4f855dbbf24e9fc12a162fda84ce3bedc2f should be applied. As a temporary workaround, consider disabling the add post content filtered to search sql function until the patch is applied. Restrict access to the ModularContent/SearchFilter.php file to minimize the risk of exploitation.Exploit
Fix
Improper Neutralization
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Modern Tribe Panel Builder Plugin