Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through 1.9.3.
History

Tue, 22 Oct 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Sermonaudio
Sermonaudio sermonaudio Widgets
CPEs cpe:2.3:a:sermonaudio:sermonaudio_widgets:*:*:*:*:*:wordpress:*:*
Vendors & Products Sermonaudio
Sermonaudio sermonaudio Widgets

Mon, 21 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 20 Oct 2024 10:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through 1.9.3.
Title WordPress SermonAudio Widgets plugin <= 1.9.3 - SQL Injection vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-10-20T09:58:12.440Z

Updated: 2024-10-21T19:11:18.443Z

Reserved: 2024-10-17T09:51:21.345Z

Link: CVE-2024-49614

cve-icon Vulnrichment

Updated: 2024-10-21T19:11:13.601Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-20T10:15:04.477

Modified: 2024-10-22T15:34:09.190

Link: CVE-2024-49614

cve-icon Redhat

No data.