cvelist/2023/50xxx/CVE-2023-50849.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-50849",
        "ASSIGNER": "audit@patchstack.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf \u2013 Export To Pdf Tool for WordPress.This issue affects E2Pdf \u2013 Export To Pdf Tool for WordPress: from n/a through 1.20.23.\n\n"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                        "cweId": "CWE-89"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "E2Pdf.com",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "E2Pdf \u2013 Export To Pdf Tool for WordPress",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "not down converted",
                                            "x_cve_json_5_version_data": {
                                                "versions": [
                                                    {
                                                        "changes": [
                                                            {
                                                                "at": "1.20.24",
                                                                "status": "unaffected"
                                                            }
                                                        ],
                                                        "lessThanOrEqual": "1.20.23",
                                                        "status": "affected",
                                                        "version": "n/a",
                                                        "versionType": "custom"
                                                    }
                                                ],
                                                "defaultStatus": "unaffected"
                                            }
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20-23-sql-injection-vulnerability?_s_id=cve",
                "refsource": "MISC",
                "name": "https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20-23-sql-injection-vulnerability?_s_id=cve"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "EXTERNAL"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "Update to&nbsp;1.20.24 or a higher version."
                }
            ],
            "value": "Update to\u00a01.20.24 or a higher version."
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "Muhammad Daffa (Patchstack Alliance)"
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2023-12-14 18:00:33 +00:00			`{`
"-Synchronized-Data." 2023-12-28 12:00:36 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2023-12-14 18:00:33 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2023-50849",`
"-Synchronized-Data." 2023-12-28 12:00:36 +00:00			`"ASSIGNER": "audit@patchstack.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2023-12-14 18:00:33 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2023-12-28 12:00:36 +00:00			`"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf \u2013 Export To Pdf Tool for WordPress.This issue affects E2Pdf \u2013 Export To Pdf Tool for WordPress: from n/a through 1.20.23.\n\n"`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",`
			`"cweId": "CWE-89"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "E2Pdf.com",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "E2Pdf \u2013 Export To Pdf Tool for WordPress",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "not down converted",`
			`"x_cve_json_5_version_data": {`
			`"versions": [`
			`{`
			`"changes": [`
			`{`
			`"at": "1.20.24",`
			`"status": "unaffected"`
			`}`
			`],`
			`"lessThanOrEqual": "1.20.23",`
			`"status": "affected",`
			`"version": "n/a",`
			`"versionType": "custom"`
			`}`
			`],`
			`"defaultStatus": "unaffected"`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20-23-sql-injection-vulnerability?_s_id=cve",`
			`"refsource": "MISC",`
			`"name": "https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20-23-sql-injection-vulnerability?_s_id=cve"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.1.0-dev"`
			`},`
			`"source": {`
			`"discovery": "EXTERNAL"`
			`},`
			`"solution": [`
			`{`
			`"lang": "en",`
			`"supportingMedia": [`
			`{`
			`"base64": false,`
			`"type": "text/html",`
			`"value": "Update to 1.20.24 or a higher version."`
			`}`
			`],`
			`"value": "Update to\u00a01.20.24 or a higher version."`
			`}`
			`],`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "Muhammad Daffa (Patchstack Alliance)"`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 7.6,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "HIGH",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",`
			`"version": "3.1"`
"-Synchronized-Data." 2023-12-14 18:00:33 +00:00			`}`
			`]`
			`}`
			`}`