mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
123 lines
4.7 KiB
JSON
123 lines
4.7 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-54304",
|
|
"ASSIGNER": "audit@patchstack.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support \u2013 WordPress Help Desk allows SQL Injection.This issue affects Hive Support \u2013 WordPress Help Desk: from n/a through 1.1.2."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
|
|
"cweId": "CWE-89"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Hive Support",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Hive Support \u2013 WordPress Help Desk",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"lessThanOrEqual": "1.1.2",
|
|
"status": "affected",
|
|
"version": "n/a",
|
|
"versionType": "custom",
|
|
"changes": [
|
|
{
|
|
"at": "1.1.3",
|
|
"status": "unaffected"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"defaultStatus": "unaffected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://patchstack.com/database/wordpress/plugin/hive-support/vulnerability/wordpress-hive-support-plugin-1-1-2-sql-injection-vulnerability?_s_id=cve",
|
|
"refsource": "MISC",
|
|
"name": "https://patchstack.com/database/wordpress/plugin/hive-support/vulnerability/wordpress-hive-support-plugin-1-1-2-sql-injection-vulnerability?_s_id=cve"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"discovery": "EXTERNAL"
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "Update the WordPress Hive Support \u2013 WordPress Help Desk plugin to the latest available version (at least 1.1.3)."
|
|
}
|
|
],
|
|
"value": "Update the WordPress Hive Support \u2013 WordPress Help Desk plugin to the latest available version (at least 1.1.3)."
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "stealthcopter (Patchstack Alliance)"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"baseScore": 8.5,
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
|
|
"baseSeverity": "HIGH",
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "LOW",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "NONE",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |