cvelist/2023/52xxx/CVE-2023-52215.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-52215",
        "ASSIGNER": "audit@patchstack.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Simple Inventory Management \u2013 just scan barcode to manage products and orders. For WooCommerce.This issue affects Simple Inventory Management \u2013 just scan barcode to manage products and orders. For WooCommerce: from n/a through 1.5.1.\n\n"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                        "cweId": "CWE-89"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "UkrSolution",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Simple Inventory Management \u2013 just scan barcode to manage products and orders. For WooCommerce",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "not down converted",
                                            "x_cve_json_5_version_data": {
                                                "versions": [
                                                    {
                                                        "changes": [
                                                            {
                                                                "at": "1.5.2",
                                                                "status": "unaffected"
                                                            }
                                                        ],
                                                        "lessThanOrEqual": "1.5.1",
                                                        "status": "affected",
                                                        "version": "n/a",
                                                        "versionType": "custom"
                                                    }
                                                ],
                                                "defaultStatus": "unaffected"
                                            }
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-1-unauthenticated-sql-injection-vulnerability?_s_id=cve",
                "refsource": "MISC",
                "name": "https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-1-unauthenticated-sql-injection-vulnerability?_s_id=cve"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "EXTERNAL"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "Update to&nbsp;1.5.2 or a higher version."
                }
            ],
            "value": "Update to\u00a01.5.2 or a higher version."
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "Rafie Muhammad (Patchstack)"
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2023-12-29 13:00:35 +00:00			`{`
"-Synchronized-Data." 2024-01-08 18:00:38 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2023-12-29 13:00:35 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2023-52215",`
"-Synchronized-Data." 2024-01-08 18:00:38 +00:00			`"ASSIGNER": "audit@patchstack.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2023-12-29 13:00:35 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-01-08 18:00:38 +00:00			`"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Simple Inventory Management \u2013 just scan barcode to manage products and orders. For WooCommerce.This issue affects Simple Inventory Management \u2013 just scan barcode to manage products and orders. For WooCommerce: from n/a through 1.5.1.\n\n"`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",`
			`"cweId": "CWE-89"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "UkrSolution",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Simple Inventory Management \u2013 just scan barcode to manage products and orders. For WooCommerce",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "not down converted",`
			`"x_cve_json_5_version_data": {`
			`"versions": [`
			`{`
			`"changes": [`
			`{`
			`"at": "1.5.2",`
			`"status": "unaffected"`
			`}`
			`],`
			`"lessThanOrEqual": "1.5.1",`
			`"status": "affected",`
			`"version": "n/a",`
			`"versionType": "custom"`
			`}`
			`],`
			`"defaultStatus": "unaffected"`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-1-unauthenticated-sql-injection-vulnerability?_s_id=cve",`
			`"refsource": "MISC",`
			`"name": "https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-1-unauthenticated-sql-injection-vulnerability?_s_id=cve"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.1.0-dev"`
			`},`
			`"source": {`
			`"discovery": "EXTERNAL"`
			`},`
			`"solution": [`
			`{`
			`"lang": "en",`
			`"supportingMedia": [`
			`{`
			`"base64": false,`
			`"type": "text/html",`
			`"value": "Update to 1.5.2 or a higher version."`
			`}`
			`],`
			`"value": "Update to\u00a01.5.2 or a higher version."`
			`}`
			`],`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "Rafie Muhammad (Patchstack)"`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 9.3,`
			`"baseSeverity": "CRITICAL",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "NONE",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",`
			`"version": "3.1"`
"-Synchronized-Data." 2023-12-29 13:00:35 +00:00			`}`
			`]`
			`}`
			`}`