1 results (0.002 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15919 – Ultimate Form Builder Lite <= 1.3.6 - SQL Injection to PHP Object Injection
https://notcve.org/view.php?id=CVE-2017-15919
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. El plugin ultimate-form-builder-lite en versiones anteriores a la 1.3.7 para WordPress tiene Inyección SQL, con inyección de objetos PHP como resultado, mediante wp-admin/admin-ajax.php. • http://www.securityfocus.com/bid/101604 https://wordpress.org/plugins/ultimate-form-builder-lite/#developers https://wpvulndb.com/vulnerabilities/8935 https://www.wordfence.com/blog/2017/10/zero-day-vulnerability-ultimate-form-builder-lite • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •