Description
The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues
References
ExploitThird Party Advisory
https://wpscan.com/vulnerability/cbd65b7d-d3c3-4ee3-8e5e-ff0eeeaa7b30
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-09-06T11:15:07.507
3 years agoLast modified
2021-09-09T19:52:43.807
3 years ago