CVE-2019-10866
Form Maker by 10Web <= 1.13.2 - Authenticated SQL Injection
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
En el plugin de Form Maker anterior de la versión 1.13.3 para WordPress, es posible conseguir una inyección SQL en la función get_labels_parameters en el archivo form-maker/admin/models/Submissions_fm.php con un valor creado del parámetro /models/Submissioc.
WordPress Form Maker plugin version 1.13.3 suffers from a remote SQL injection vulnerability.
*Credits:
Daniele Scanu
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-04-04 CVE Reserved
- 2019-05-10 CVE Published
- 2019-06-03 First Exploit
- 2024-08-04 CVE Updated
- 2024-10-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://wordpress.org/plugins/form-maker/#developers | Release Notes | |
| https://wpvulndb.com/vulnerabilities/9286 | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/46958 | 2019-06-03 | |
| http://seclists.org/fulldisclosure/2019/May/8 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| 10web Search vendor "10web" | Form Maker Search vendor "10web" for product "Form Maker" | < 1.13.3 Search vendor "10web" for product "Form Maker" and version " < 1.13.3" | wordpress |
Affected
| ||||||