The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks.
Metrics
Affected Vendors & Products
References
History
Wed, 09 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-08-14T19:10:19.283Z
Updated: 2024-10-09T13:21:07.606Z
Reserved: 2023-06-27T17:40:30.280Z
Link: CVE-2023-3435
Vulnrichment
Updated: 2024-08-02T06:55:03.386Z
NVD
Status : Modified
Published: 2023-08-14T20:15:11.747
Modified: 2024-11-21T08:17:15.720
Link: CVE-2023-3435
Redhat
No data.