CVE-2023-5203

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/7f4f505b-2667-4e0f-9841-9c1cd0831932	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:swit:wp_sessions_time_monitoring_full_automatic:*:*:*:*:*:wordpress:*:*

History

02 Jan 2024, 20:43

Type	Values Removed	Values Added
CPE		cpe:2.3:a:swit:wp_sessions_time_monitoring_full_automatic::::::wordpress::*
CWE		CWE-89
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Swit Swit wp Sessions Time Monitoring Full Automatic
References	~~() https://wpscan.com/vulnerability/7f4f505b-2667-4e0f-9841-9c1cd0831932 -~~	() https://wpscan.com/vulnerability/7f4f505b-2667-4e0f-9841-9c1cd0831932 - Exploit

26 Dec 2023, 20:34

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-26 19:15

Updated : 2024-09-12 13:35

NVD link : CVE-2023-5203

Mitre link : CVE-2023-5203

CVE.ORG link : CVE-2023-5203

JSON object : View

Products Affected

swit

wp_sessions_time_monitoring_full_automatic

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-5203", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-26T19:15:07.770", "references": [{"url": "https://wpscan.com/vulnerability/7f4f505b-2667-4e0f-9841-9c1cd0831932", "tags": ["Exploit"], "source": "contact@wpscan.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique."}, {"lang": "es", "value": "El complemento WP Sessions Time Monitoring Full Automatic WordPres anterior a 1.0.9 no sanitiza la URL de solicitud ni los par\u00e1metros de consulta antes de usarlos en una consulta SQL, lo que permite a atacantes no autenticados extraer datos confidenciales de la base de datos mediante t\u00e9cnicas ciegas de inyecci\u00f3n SQL basadas en tiempo, o en algunos casos, una t\u00e9cnica basada en error/union."}], "lastModified": "2024-09-12T13:35:21.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:swit:wp_sessions_time_monitoring_full_automatic:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FBE283B1-312C-42E8-A629-6B260999CE46", "versionEndExcluding": "1.0.9"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}