CVE-2023-6373
ArtPlacer Widget < 2.20.7 - Editor+ SQLi
The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor (or above)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Unknown · ArtPlacer WidgetQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →