Lucene search

[email protected]NVD:CVE-2022-1006

HistoryApr 11, 2022 - 3:15 p.m.

CVE-2022-1006

2022-04-1115:15:08

CWE-89

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.2%

JSON

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks

Affected configurations

NVD

Node

elbtideadvanced_booking_calendarRange<1.7.1wordpress

References

plugins.trac.wordpress.org/changeset/2695427

wpscan.com/vulnerability/c5569317-b8c8-4524-8375-3e2369bdcc68

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.2%

JSON

Related for NVD:CVE-2022-1006

wpvulndb1 cve1 prion1 wpexploit1 cnvd1 cvelist1