Description

The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues

Related CPE's

a

jiangqie

official_website_mini_program

*

*

*

*

*

wordpress

Vulnerable

References

https://github.com/ja9er/CVEProject/blob/main/wordpress_jiangqie-official-website-mini-program_sqli.md

ExploitThird Party Advisory

https://wpscan.com/vulnerability/cbd65b7d-d3c3-4ee3-8e5e-ff0eeeaa7b30

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-89

[email protected]

Secondary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-09-06T11:15:07.507

3 years ago

Last modified

2021-09-09T19:52:43.807

3 years ago