Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7.

Related CPE's

a

ninjateam

multi_step_for_contact_form_7

*

*

*

*

*

wordpress

Vulnerable

References

https://patchstack.com/database/vulnerability/cf7-multi-step/wordpress-multi-step-for-contact-form-plugin-2-7-7-unauthenticated-sql-injection-vulnerability?_s_id=cve

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

9.3 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-10-11T17:15:09.783Z

1 year ago

Last modified

2024-11-14T18:22:49.760Z

1 year ago