发布时间: 2022年10月24日
修改时间: 2022年10月24日
The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 9.8 | 9.8 |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | High | High |
| Integrity | High | High |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-2530 | The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections | 2022年10月24日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | zephyr | Unaffected |
| KY3.4-5 | zephyr | Unaffected |
| KY3.5.1 | zephyr | Unaffected |
