Qe SEO Handyman <= 1.0 - Admin+ SQLi
CVE-2022-4351

7.2HIGH

Key Information:

Vendor
Wordpress
Vendor
CVE Published:
2 January 2023

Summary

The Qe SEO Handyman WordPress plugin versions up to 1.0 contains a flaw that fails to properly sanitize and escape user input before using it in SQL queries. This vulnerability allows high privilege users, such as administrators, to execute arbitrary SQL commands on the database through crafted input. As a result, malicious users can manipulate database queries, potentially leading to data breaches or unauthorized access to sensitive information.

Affected Version(s)

Qe SEO Handyman 0 <= 1.0

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Krohmer
Kunal Sharma
WPScan
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.