Blind SQL Injection Vulnerability in Administrator Z from 2024.11.04
CVE-2024-50524

8.5 HIGH

Key Information:

Vendor: WordPress
CVE Published: 9 November 2024

What is CVE-2024-50524?

A SQL injection vulnerability exists in the Administrator Z product by Quyle91, allowing blind SQL injection. The flaw arises from improper neutralization of special elements used in SQL commands and poses significant risks to data integrity and security. Affected versions are Administrator Z from n/a through 2024.11.04, and they need immediate attention and remediation to remove the opportunity for exploitation.

Affected Version(s)

Administrator Z <= 2024.11.04

CVSS V3.1

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

stealthcopter (Patchstack Alliance)