CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-14230 – OnionBuzz Plugin < 1.2.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-14230
20 Jul 2019 — An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure. Se detectó un problema en el plugin OnionBuzz anterior a versión 1.2.7 de Viral Quiz Maker, para WordPress. Alguien p... • http://www.openwall.com/lists/oss-security/2019/07/23/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2019-14231 – Viral Quiz Maker - OnionBuzz < 1.2.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-14231
20 Jul 2019 — An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no sanitization prior to use in a SQL query in getResultByPointsTrivia. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure. Se detectó un problema en el plugin OnionBuzz anterior a versión 1.2.2 de Viral Quiz Maker para WordP... • http://www.openwall.com/lists/oss-security/2019/07/23/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •