Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2019-10866
HistoryMay 23, 2019 - 7:29 p.m.

CVE-2019-10866

2019-05-2319:29:01
CWE-89
mitre
web.nvd.nist.gov
94
cve
2019
10866
sql injection
form maker
wordpress
plugin

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

In the Form Maker plugin before 1.13.3 for WordPress, it’s possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.

Affected configurations

Nvd
Node
10webform_makerRange<1.13.3wordpress
VendorProductVersionCPE
10webform_maker*cpe:2.3:a:10web:form_maker:*:*:*:*:*:wordpress:*:*

Related

prion 1
exploitpack 1
exploitdb 1
packetstorm 1
zdt 2
nvd 1
patchstack 1
wpvulndb 1
openvas 1
checkpoint_advisories 1
cvelist 1
prion
prion
Sql injection
2019-05-23 19:29:00
exploitpack
exploitpack
WordPress Plugin Form Maker 1.13.3 - SQL Injection
2019-06-03 00:00:00
exploitdb
exploitdb
WordPress Plugin Form Maker 1.13.3 - SQL Injection
2019-06-03 00:00:00
packetstorm
packetstorm
WordPress Form Maker 1.13.3 SQL Injection
2019-05-13 00:00:00
zdt
zdt
WordPress Form Maker 1.13.3 Plugin - SQL Injection Exploit
2019-06-03 00:00:00
WordPress Form Maker 1.13.3 SQL Injection Vulnerability
2019-05-14 00:00:00
nvd
nvd
CVE-2019-10866
2019-05-23 19:29:01
patchstack
patchstack
WordPress Form Maker by 10Web plugin <= 1.13.2 - Authenticated SQL Injection (SQLi) vulnerability
2019-05-25 00:00:00
wpvulndb
wpvulndb
Form Maker by 10Web < 1.13.3 - Authenticated SQL Injection
2019-05-10 00:00:00
openvas
openvas
WordPress Form Maker Plugin < 1.13.3 SQL Injection Vulnerability
2019-06-03 00:00:00
checkpoint_advisories
checkpoint_advisories
WordPress Form Maker Plugin SQL Injection (CVE-2019-10866)
2019-06-17 00:00:00
cvelist
cvelist
CVE-2019-10866
2019-05-23 18:34:28

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON
Related for CVE-2019-10866
prion1exploitpack1exploitdb1packetstorm1zdt2nvd1patchstack1wpvulndb1openvas1checkpoint_advisories1cvelist1