Blind SQL Injection Vulnerability in Woocommerce Quote Calculator
CVE-2024-50479

9.8CRITICAL

Key Information:

Vendor: Mansur Ahamed
Status: WooCommerce Quote Calculator
Vendor: CVE Published:; 28 October 2024

Summary

A vulnerability related to improper neutralization of special elements in SQL commands has been identified in the WooCommerce Quote Calculator plugin developed by Mansur Ahamed. This vulnerability can lead to a Blind SQL Injection, allowing attackers to manipulate database queries through the application's input fields. As a result, unauthorized access to sensitive data may occur, posing significant risks to users utilizing this plugin version 1.1 and earlier. It is imperative for users to review and apply the necessary security patches to safeguard their systems.

Affected Version(s)

Woocommerce Quote Calculator <= 1.1

References

https://patchstack.com/database/vulnerability/woo-quote-c...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 28, 2024
Vulnerability Reserved
Oct 24, 2024

Credit

LVT-tholv2k (Patchstack Alliance)