CVE-2022-3689 — SQL Injection in Html Forms

CWE-89 — SQL Injection4 documents4 sources

Severity

7.2HIGHNVD

EPSS

35.5%

top 2.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linksoftwarellc Html Forms

Timeline

PublishedNov 28

Latest updateJul 16

Description

The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶NVDlinksoftwarellc/html_forms< 1.3.25

🔴Vulnerability Details

CVEList

HTML Forms < 1.3.25 - Admin+ SQLi↗2022-11-28

▶

GHSA

GHSA-pj2v-wf83-5cr4: The HTML Forms WordPress plugin before 1↗2022-11-28

▶

📋Vendor Advisories

Red Hat

kernel: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver↗2024-07-16

▶