CVE-2019-13571

A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
Configurations

Configuration 1 (hide)

cpe:2.3:a:vsourz:advanced_cf7_db:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 04:25

Type Values Removed Values Added
References () https://fortiguard.com/zeroday/FG-VD-19-093 - Broken Link () https://fortiguard.com/zeroday/FG-VD-19-093 - Broken Link
References () https://github.com/beerpwn/ctf/blob/master/CVE/CVE-2019-13571/report.pdf - Exploit, Technical Description () https://github.com/beerpwn/ctf/blob/master/CVE/CVE-2019-13571/report.pdf - Exploit, Technical Description
References () https://github.com/beerpwn/ctf/tree/master/CVE/CVE-2019-13571 - Exploit, Technical Description () https://github.com/beerpwn/ctf/tree/master/CVE/CVE-2019-13571 - Exploit, Technical Description
References () https://plugins.trac.wordpress.org/changeset/2123623 - Release Notes, Third Party Advisory () https://plugins.trac.wordpress.org/changeset/2123623 - Release Notes, Third Party Advisory
References () https://wordpress.org/plugins/advanced-cf7-db/#developers - Third Party Advisory () https://wordpress.org/plugins/advanced-cf7-db/#developers - Third Party Advisory
References () https://wpvulndb.com/vulnerabilities/9479 - Third Party Advisory, VDB Entry () https://wpvulndb.com/vulnerabilities/9479 - Third Party Advisory, VDB Entry

Information

Published : 2019-07-29 18:15

Updated : 2024-11-21 04:25


NVD link : CVE-2019-13571

Mitre link : CVE-2019-13571

CVE.ORG link : CVE-2019-13571


JSON object : View

Products Affected

vsourz

  • advanced_cf7_db
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')