Lucene search

[email protected]CVE-2023-23991

HistoryMar 26, 2024 - 9:15 a.m.

CVE-2023-23991

2024-03-2609:15:08

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-23991

sql injection

wpdevelop

oplugins booking calendar

vulnerability

nvd

security

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

7.6 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through 9.4.3.

Affected configurations

Vulners

Node

wpdevelop_\/_opluginsbooking_calendarRange≤9.4.3

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "booking",
    "product": "Booking Calendar",
    "vendor": "WPdevelop / Oplugins",
    "versions": [
      {
        "changes": [
          {
            "at": "9.4.3.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "9.4.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/booking/wordpress-booking-calendar-plugin-9-4-2-sql-injection?_s_id=cve

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

7.6 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-23991

nvd1 cvelist1