CVE-2024-38788

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/uipress-lite/wordpress-uipress-lite-plugin-3-4-06-sql-injection-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:uipress:uipress_lite:*:*:*:*:*:wordpress:*:*

History

02 Aug 2024, 05:15

Type	Values Removed	Values Added
Summary	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in B?i Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.

29 Jul 2024, 20:19

Type	Values Removed	Values Added
References	~~() https://patchstack.com/database/vulnerability/uipress-lite/wordpress-uipress-lite-plugin-3-4-06-sql-injection-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/vulnerability/uipress-lite/wordpress-uipress-lite-plugin-3-4-06-sql-injection-vulnerability?_s_id=cve - Third Party Advisory
First Time		Uipress Uipress uipress Lite
CPE		cpe:2.3:a:uipress:uipress_lite::::::wordpress::*
Summary	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in B?i Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.
CVSS	v2 : ~~unknown~~ v3 : ~~7.6~~	v2 : unknown v3 : 7.2

22 Jul 2024, 14:15

Type	Values Removed	Values Added
Summary	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in B?i Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.

22 Jul 2024, 13:00

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de neutralización incorrecta de elementos especiales usados en de comando SQL ("Inyección SQL") en B?i Admin 2020 UiPress lite permite la inyección SQL. Este problema afecta a UiPress lite: desde n/a hasta 3.4.06.
Summary	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.	(en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in B?i Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.

22 Jul 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-22 11:15

Updated : 2024-08-02 05:15

NVD link : CVE-2024-38788

Mitre link : CVE-2024-38788

CVE.ORG link : CVE-2024-38788

JSON object : View

Products Affected

uipress

uipress_lite

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.2 /10