Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Schreikasten <= 0.14.18 - Author+ SQL Injections
Vulnerability Description
The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users as low as author
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
WordPress SQL注入漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress plugin 存在SQL注入漏洞,该漏洞源于 The Schreikasten WordPress 插件在 comments dashboard 中的 SQL 语句中从各种操作中使用它之前不会清理或转义 id GET 参数,导致经过身份验证的 SQL 注入,可以被低至作者的用户利用
CVSS Information
N/A
Vulnerability Type
N/A