A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is identified as 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/slackero/phpwcms/commit/77dafb6a8cc1015f0777daeb5792f43beef77a9d | Patch |
https://github.com/slackero/phpwcms/releases/tag/v1.9.27 | Release Notes |
https://vuldb.com/?ctiid.217418 | Third Party Advisory VDB Entry |
https://vuldb.com/?id.217418 | Third Party Advisory VDB Entry |
https://github.com/slackero/phpwcms/commit/77dafb6a8cc1015f0777daeb5792f43beef77a9d | Patch |
https://github.com/slackero/phpwcms/releases/tag/v1.9.27 | Release Notes |
https://vuldb.com/?ctiid.217418 | Third Party Advisory VDB Entry |
https://vuldb.com/?id.217418 | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 06:37
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 6.3 |
References | () https://github.com/slackero/phpwcms/commit/77dafb6a8cc1015f0777daeb5792f43beef77a9d - Patch | |
References | () https://github.com/slackero/phpwcms/releases/tag/v1.9.27 - Release Notes | |
References | () https://vuldb.com/?ctiid.217418 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?id.217418 - Third Party Advisory, VDB Entry |
11 Apr 2024, 01:13
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Oct 2023, 19:58
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-89 | |
References | (MISC) https://github.com/slackero/phpwcms/releases/tag/v1.9.27 - Release Notes |
20 Oct 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
Summary | A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is identified as 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability. |
Information
Published : 2023-01-07 22:15
Updated : 2024-11-21 06:37
NVD link : CVE-2021-4301
Mitre link : CVE-2021-4301
CVE.ORG link : CVE-2021-4301
JSON object : View
Products Affected
phpwcms
- phpwcms
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')