Published on July 8th, 2019 📆 | 5586 Views ⚑
0Rencontre Plugin up to 3.1.2 on WordPress inc/rencontre_widget.php sql injection
CVSS Meta Temp Score | Current Exploit Price (β) |
---|---|
6.0 | $0-$5k |
A vulnerability was found in Rencontre Plugin up to 3.1.2 on WordPress (WordPress Plugin). It has been classified as critical. Affected is some unknown processing of the file inc/rencontre_widget.php. The manipulation with an unknown input leads to a sql injection vulnerability. CWE is classifying the issue as CWE-89. This is going to have an impact on confidentiality, integrity, and availability. An attacker might be able inject and/or alter existing SQL statements which would influence the database exchange.
The weakness was disclosed 07/08/2019. This vulnerability is traded as CVE-2019-13413 since 07/08/2019. It is possible to launch the attack remotely. There are known technical details, but no exploit is available.
Upgrading to version 3.1.3 eliminates this vulnerability.
The entry 137473 is pretty similar.
Type
Name
VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: π
VulDB Reliability: π
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
π | π | π | π | π | π |
π | π | π | π | π | π |
π | π | π | π | π | π |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: π
VulDB Temp Score: π
VulDB Reliability: π
Class: Sql injection (CWE-89)
Local: No
Remote: Yes
Availability: π
Status: Not defined
Price Prediction: π
Current Price Estimation: π
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: π
Adversaries: π
Geopolitics: π
Economy: π
Predictions: π
Remediation: πRecommended: Upgrade
Status: π
0-Day Time: π
Upgrade: Rencontre Plugin 3.1.3
07/08/2019 Advisory disclosed
07/08/2019 VulDB entry created
07/08/2019 CVE assigned
07/08/2019 VulDB last update
CVE: CVE-2019-13413 (π)
See also: πCreated: 07/08/2019 09:22 PM
Complete: π
Comments
Download the whitepaper to learn more about our service!
https://vuldb.com/?id.137472
No comments yet. Please log in to comment.