CVE-2017-6573
Mail Masta <= 1.0 - SQL Injection via id parameter
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.
*Credits:
Hanley Shun
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-02-18 CVE Published
- 2017-03-09 CVE Reserved
- 2023-03-07 EPSS Updated
- 2024-08-05 First Exploit
- 2024-08-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/96783 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin | 2024-08-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mail-masta Project | Mail-masta | 1.0 | wordpress | Affected |