Description

The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues

Related CPE's

a

jiangqie

official_website_mini_program

*

*

*

*

*

wordpress

Vulnerable

References

https://github.com/ja9er/CVEProject/blob/main/wordpress_jiangqie-official-website-mini-program_sqli.md

ExploitThird Party Advisory

https://wpscan.com/vulnerability/cbd65b7d-d3c3-4ee3-8e5e-ff0eeeaa7b30

ExploitThird Party Advisory

https://github.com/ja9er/CVEProject/blob/main/wordpress_jiangqie-official-website-mini-program_sqli.md

ExploitThird Party Advisory

https://wpscan.com/vulnerability/cbd65b7d-d3c3-4ee3-8e5e-ff0eeeaa7b30

ExploitThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-89

[email protected]

Primary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-09-06T09:15:07.507Z

4 years ago

Last modified

2024-11-21T04:52:48.063Z

1 year ago