Lucene search
PatchstackCVE-2024-35678HistoryJun 08, 2024 - 4:15 p.m.
CVE-2024-35678
2024-06-0816:15:09
CWE-89
Patchstack
web.nvd.nist.gov
31
cve-2024-35678
improper neutralization
special elements
sql command
contact form
bestwebsoft
CVSS3
8.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
EPSS
0
Percentile
9.0%
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in BestWebSoft Contact Form to DB by BestWebSoft.This issue affects Contact Form to DB by BestWebSoft: from n/a through 1.7.2.
Affected configurations
Node
bestwebsoftcontact_form_to_dbRange≤1.7.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bestwebsoft | contact_form_to_db | * | cpe:2.3:a:bestwebsoft:contact_form_to_db:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "contact-form-to-db",
"product": "Contact Form to DB by BestWebSoft",
"vendor": "BestWebSoft",
"versions": [
{
"changes": [
{
"at": "1.7.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.7.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2024-35678
2024-06-08 16:15:09
cvelist
cvelist
vulnrichment
vulnrichment
wpvulndb
wpvulndb
wordfence
wordfence
CVSS3
8.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
EPSS
0
Percentile
9.0%
Related for CVE-2024-35678