The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c | Exploit Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
03 Dec 2022, 02:40
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry |
07 Oct 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Sep 2022, 06:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Zephyr Project Manager Project zephyr Project Manager
Zephyr Project Manager Project |
|
CWE | CWE-89 | |
CPE | cpe:2.3:a:zephyr_project_manager_project:zephyr_project_manager:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c - Exploit, Patch, Third Party Advisory |
19 Sep 2022, 15:05
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-19 14:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-2840
Mitre link : CVE-2022-2840
CVE.ORG link : CVE-2022-2840
JSON object : View
Products Affected
zephyr_project_manager_project
- zephyr_project_manager
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')