SQL Injection Vulnerability in Distance Based Shipping Calculator
CVE-2024-52495
8.5HIGH
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 28 November 2024
Summary
A vulnerability exists in Eniture Technology’s Distance Based Shipping Calculator that allows an attacker to exploit improper neutralization of special elements used in SQL commands, resulting in an SQL Injection. This issue affects all versions of the Distance Based Shipping Calculator up to 2.0.21. If exploited, this vulnerability could enable unauthorized users to manipulate database queries, potentially exposing sensitive data or altering information stored in the database.
Affected Version(s)
Distance Based Shipping Calculator <= 2.0.21
References
CVSS V3.1
Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)