CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-5315

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1200%
EPSS Percentile36.70th
Published2018年1月12日
Last Modified2024年11月21日

Vulnerability Description

The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.

Affected Platforms (CPE)

📦
Wp Events Calendar Project

Wp Events Calendar

= 1.0

References & Advisories

🔗 http://packetstormsecurity.com/files/145833/WordPress-Events-Calendar-1.0-SQL-Injection.html
🔗 https://www.exploit-db.com/exploits/43479/
🔗 http://packetstormsecurity.com/files/145833/WordPress-Events-Calendar-1.0-SQL-Injection.html
🔗 https://www.exploit-db.com/exploits/43479/

相关漏洞威胁

CVE-2008-467310.0

PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1...

CVE-2021-420779.8

PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter...

CVE-2018-63989.8

SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.

CVE-2021-249439.8

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send...