The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c | Exploit Patch Third Party Advisory |
http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c | Exploit Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 07:01
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c - Exploit, Patch, Third Party Advisory |
03 Sep 2024, 13:24
Type | Values Removed | Values Added |
---|---|---|
First Time |
Zephyr-one
Zephyr-one zephyr Project Manager |
|
CPE | cpe:2.3:a:zephyr-one:zephyr_project_manager:*:*:*:*:*:wordpress:*:* |
03 Dec 2022, 02:40
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry |
07 Oct 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-19 14:15
Updated : 2024-11-21 07:01
NVD link : CVE-2022-2840
Mitre link : CVE-2022-2840
CVE.ORG link : CVE-2022-2840
JSON object : View
Products Affected
zephyr-one
- zephyr_project_manager
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')