admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/1xxx/CVE-2022-1006.json
erwanlr ac2e8740b7 Adds CVEs
2022-04-11 16:35:12 +02:00

80 lines
2.0 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ID": "CVE-2022-1006",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Advanced Booking Calendar < 1.7.1 - Admin+ SQLi"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Advanced Booking Calendar",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.1",
"version_value": "1.7.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c5569317-b8c8-4524-8375-3e2369bdcc68",
"name": "https://wpscan.com/vulnerability/c5569317-b8c8-4524-8375-3e2369bdcc68"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2695427",
"name": "https://plugins.trac.wordpress.org/changeset/2695427"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "YICHENG LIU-ZTE CHENFENG lab"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
Reference in New Issue View Git Blame Copy Permalink