MOLIE <= 0.5 - Authenticated SQL Injection
CVE-2021-25007

9.8CRITICAL

Key Information:

Vendor

Wordpress
Status
Molie – Instructure Canvas Linking Tool
Vendor
CVE Published:
14 March 2022

What is CVE-2021-25007?

The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection

Affected Version(s)

MOLIE – Instructure Canvas Linking tool 0.5

References

https://wpscan.com/vulnerability/cf907d53-cc4a-4b02-bed3-...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jeremie Amsellem
.
The Cyber Security Vulnerability Database.