CVE-2024-37934

Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-8-4-subscriber-arbitrary-shortcode-execution-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*

History

29 Aug 2024, 18:37

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.4~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:a:ninjaforms:ninja_forms::::::wordpress::*
References	~~() https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-8-4-subscriber-arbitrary-shortcode-execution-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-8-4-subscriber-arbitrary-shortcode-execution-vulnerability?_s_id=cve - Third Party Advisory
First Time		Ninjaforms ninja Forms Ninjaforms
Summary		(es) La vulnerabilidad de control inadecuado de la generación de código ("inyección de código") en Saturday Drive Ninja Forms permite la inyección de código. Este problema afecta a Ninja Forms: desde n/a hasta 3.8.4.

09 Jul 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-09 13:15

Updated : 2024-08-29 18:37

NVD link : CVE-2024-37934

Mitre link : CVE-2024-37934

CVE.ORG link : CVE-2024-37934

JSON object : View

Products Affected

ninjaforms

ninja_forms

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

9.8 /10