DecaLog SQL Injection Vulnerability
CVE-2024-30245

7.6HIGH

Key Information:

Vendor: WordPress
Status: Decalog
Vendor: CVE Published:; 28 March 2024

Summary

A vulnerability has been identified in DecaLog where improper neutralization of special elements used in an SQL command allows for an SQL Injection attack. This vulnerability primarily affects DecaLog versions from prior to 3.9.0 up to and including 3.9.0, enabling attackers to potentially gain unauthorized access to the database, execute arbitrary SQL commands, and retrieve sensitive information. This presents a severe risk to organizations utilizing the affected versions of DecaLog, warranting immediate attention and remediation.

Affected Version(s)

DecaLog <= 3.9.0

References

https://patchstack.com/database/vulnerability/decalog/wor...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Mar 26, 2024

Credit

isacaya (Patchstack Alliance)