CVE-2019-13571 Information
Feb 14, 2021
cve
Description
A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://fortiguard.com/zeroday/FG-VD-19-093 https://github.com/beerpwn/ctf/blob/master/CVE/CVE-2019-13571/report.pdf https://github.com/beerpwn/ctf/tree/master/CVE/CVE-2019-13571 https://plugins.trac.wordpress.org/changeset/2123623 https://wordpress.org/plugins/advanced-cf7-db/developers https://wpvulndb.com/vulnerabilities/9479
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: