CVE-2023-5203 Vulnerability Details

  /     /     /  

CVE-2023-5203 Metadata Quick Info

CVE Published: 26/12/2023 | CVE Updated: 12/09/2024 | CVE Year: 2023
Source: WPScan | Vendor: Unknown | Product: WP Sessions Time Monitoring Full Automatic
Status : PUBLISHED

CVE-2023-5203 Description

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-89 SQL Injection
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: