SQL Injection Vulnerability in CRM Perks Forms
CVE-2024-30498

10CRITICAL

Key Information:

Vendor: WordPress
Status: Crm Perks Forms
Vendor: CVE Published:; 29 March 2024

Summary

The vulnerability in CRM Perks Forms is due to improper neutralization of special elements in SQL commands, leading to SQL injection possibilities. This flaw can be exploited by attackers to execute arbitrary SQL queries, potentially compromising the integrity of the database and exposing sensitive information. Affected versions range from n/a to 1.1.4, making it crucial for users to apply appropriate patches or updates to safeguard against this risk.

Affected Version(s)

CRM Perks Forms <= 1.1.4

References

https://patchstack.com/database/vulnerability/crm-perks-f...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 29, 2024
Vulnerability Reserved
Mar 27, 2024

Credit

LVT-tholv2k (Patchstack Alliance)