CVE-2022-2840

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
Configurations

Configuration 1 (hide)

cpe:2.3:a:zephyr-one:zephyr_project_manager:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:01

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry
References () https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c - Exploit, Patch, Third Party Advisory () https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c - Exploit, Patch, Third Party Advisory

03 Sep 2024, 13:24

Type Values Removed Values Added
First Time Zephyr-one
Zephyr-one zephyr Project Manager
CPE cpe:2.3:a:zephyr_project_manager_project:zephyr_project_manager:*:*:*:*:*:wordpress:*:* cpe:2.3:a:zephyr-one:zephyr_project_manager:*:*:*:*:*:wordpress:*:*

03 Dec 2022, 02:40

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html - (MISC) http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry

07 Oct 2022, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-19 14:15

Updated : 2024-11-21 07:01


NVD link : CVE-2022-2840

Mitre link : CVE-2022-2840

CVE.ORG link : CVE-2022-2840


JSON object : View

Products Affected

zephyr-one

  • zephyr_project_manager
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')