CVE-2021-38324 - OpenCVE

The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Smartypantsplugins	Sp Rental Manager

Configuration 1 [-]

cpe:2.3:a:smartypantsplugins:sp_rental_manager:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324

History

Tue, 17 Sep 2024 01:15:00 +0000

Type	Values Removed	Values Added
Title	SP Rental Manager <= 1.5.3 Unauthenticated SQL Injection	SP Rental Manager <= 1.5.3 Unauthenticated SQL Injection

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2021-09-09T18:09:53.452681Z

Updated: 2024-09-17T01:06:47.505Z

Reserved: 2021-08-09T00:00:00

Link: CVE-2021-38324

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-09-09T19:15:14.053

Modified: 2021-09-22T16:44:59.803

Link: CVE-2021-38324

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SP Rental Manager", "vendor": "SP Rental Manager", "versions": [{"lessThanOrEqual": "1.5.3", "status": "affected", "version": "1.5.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "p7e4"}], "datePublic": "2021-09-08T00:00:00", "descriptions": [{"lang": "en", "value": "The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-09T18:09:53", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324"}, {"tags": ["x_refsource_MISC"], "url": "https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389"}], "solutions": [{"lang": "en", "value": "Uninstall plugin from WordPress site."}], "source": {"discovery": "EXTERNAL"}, "title": "SP Rental Manager <= 1.5.3 Unauthenticated SQL Injection", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "Wordfence", "ASSIGNER": "security@wordfence.com", "DATE_PUBLIC": "2021-09-08T20:09:00.000Z", "ID": "CVE-2021-38324", "STATE": "PUBLIC", "TITLE": "SP Rental Manager <= 1.5.3 Unauthenticated SQL Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SP Rental Manager", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.5.3", "version_value": "1.5.3"}]}}]}, "vendor_name": "SP Rental Manager"}]}}, "credit": [{"lang": "eng", "value": "p7e4"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324", "refsource": "MISC", "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324"}, {"name": "https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389", "refsource": "MISC", "url": "https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389"}]}, "solution": [{"lang": "en", "value": "Uninstall plugin from WordPress site."}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:37:16.332Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389"}]}]}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2021-38324", "datePublished": "2021-09-09T18:09:53.452681Z", "dateReserved": "2021-08-09T00:00:00", "dateUpdated": "2024-09-17T01:06:47.505Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:smartypantsplugins:sp_rental_manager:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "85C2E2CD-A462-4905-9F4A-07486571EAD9", "versionEndIncluding": "1.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3."}, {"lang": "es", "value": "El plugin SP Rental Manager de WordPress, es vulnerable a una inyecci\u00f3n SQL por medio del par\u00e1metro orderby encontrado en el archivo ~/user/shortcodes.php que permite a atacantes recuperar informaci\u00f3n contenida en la base de datos de un sitio, en versiones hasta 1.5.3 incluy\u00e9ndola"}], "id": "CVE-2021-38324", "lastModified": "2021-09-22T16:44:59.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2021-09-09T19:15:14.053", "references": [{"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389"}, {"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@wordfence.com", "type": "Secondary"}]}