nvd-json-data-feeds/CVE-2022/CVE-2022-10xx/CVE-2022-1006.json

{
  "id": "CVE-2022-1006",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2022-04-11T15:15:08.930",
  "lastModified": "2022-04-14T20:53:31.417",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks"
    },
    {
      "lang": "es",
      "value": "El plugin Advanced Booking Calendar de WordPress versiones anteriores a 1.7.1, no sanea y escapa del par\u00e1metro id cuando se editan los Calendarios, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de inyecci\u00f3n SQL"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "contact@wpscan.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:elbtide:advanced_booking_calendar:*:*:*:*:*:wordpress:*:*",
              "versionEndExcluding": "1.7.1",
              "matchCriteriaId": "1E028221-2823-457E-9390-A878418E1B89"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/changeset/2695427",
      "source": "contact@wpscan.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://wpscan.com/vulnerability/c5569317-b8c8-4524-8375-3e2369bdcc68",
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ]
    }
  ]
}