nvd-json-data-feeds/CVE-2021/CVE-2021-434xx/CVE-2021-43408.json

{
  "id": "CVE-2021-43408",
  "sourceIdentifier": "info@appcheck-ng.com",
  "published": "2021-11-19T16:15:07.987",
  "lastModified": "2021-11-24T16:53:11.793",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The \"Duplicate Post\" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles."
    },
    {
      "lang": "es",
      "value": "El plugin de WordPress \"Duplicate Post\" hasta la versi\u00f3n 1.1.9 inclusive es vulnerable a la inyecci\u00f3n SQL. Las vulnerabilidades de inyecci\u00f3n SQL se producen cuando los datos suministrados por el cliente se incluyen en una consulta SQL de forma insegura. La inyecci\u00f3n SQL puede ser explotada t\u00edpicamente para leer, modificar y borrar datos de tablas SQL. En muchos casos tambi\u00e9n es posible explotar las caracter\u00edsticas del servidor SQL para ejecutar comandos del sistema y/o acceder al sistema de archivos local. Esta vulnerabilidad en particular puede ser explotada por cualquier usuario autenticado al que se le haya concedido acceso para utilizar el plugin Duplicate Post. Por defecto, esto est\u00e1 limitado a los Administradores, sin embargo el plugin presenta la opci\u00f3n de permitir el acceso a los roles de Editor, Autor, Colaborador y Suscriptor"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      },
      {
        "source": "info@appcheck-ng.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    },
    {
      "source": "info@appcheck-ng.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:duplicate_post_project:duplicate_post:*:*:*:*:*:wordpress:*:*",
              "versionEndIncluding": "1.1.9",
              "matchCriteriaId": "F524DCA6-C5EB-41AF-B0F4-DF17460686E8"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://appcheck-ng.com/security-advisory-duplicate-post-wordpress-plugin-sql-injection-vulnerability/",
      "source": "info@appcheck-ng.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.2.0/post/handler.php#L510",
      "source": "info@appcheck-ng.com",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}