CVE-2015-9452 - OpenCVE

The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nex-forms - Ultimate Form Builder Project	Nex-forms - Ultimate Form Builder

Configuration 1 [-]

cpe:2.3:a:nex-forms_-_ultimate_form_builder_project:nex-forms_-_ultimate_form_builder:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html
https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers
https://wpvulndb.com/vulnerabilities/8336

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-07T14:19:48

Updated: 2024-08-06T08:51:05.292Z

Reserved: 2019-09-26T00:00:00

Link: CVE-2015-9452

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-10-07T15:15:10.233

Modified: 2019-10-08T20:29:59.537

Link: CVE-2015-9452

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-07T14:19:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/8336"}, {"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers"}, {"tags": ["x_refsource_MISC"], "url": "http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-9452", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wpvulndb.com/vulnerabilities/8336", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/8336"}, {"name": "https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers", "refsource": "MISC", "url": "https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers"}, {"name": "http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html", "refsource": "MISC", "url": "http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:51:05.292Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/8336"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-9452", "datePublished": "2019-10-07T14:19:48", "dateReserved": "2019-09-26T00:00:00", "dateUpdated": "2024-08-06T08:51:05.292Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nex-forms_-_ultimate_form_builder_project:nex-forms_-_ultimate_form_builder:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "50D25556-C4DE-4132-8A24-BF4BFCE11DD5", "versionEndExcluding": "4.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter."}, {"lang": "es", "value": "El plugin nex-forms-express-wp-form-builder versiones anteriores a 4.6.1 para WordPress, presenta una inyecci\u00f3n SQL por medio del par\u00e1metro nex_forms_Id de wp-admin/admin.php?page=nex-forms-main."}], "id": "CVE-2015-9452", "lastModified": "2019-10-08T20:29:59.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-07T15:15:10.233", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html"}, {"source": "cve@mitre.org", "tags": ["Product", "Release Notes"], "url": "https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpvulndb.com/vulnerabilities/8336"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}