CVE-2023-1408
Published: 2023-05-08
Priority P3 | 48 | high | CVSS 3.1: 7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 3.23% (86.7th percentile)
The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| video_list_manager_project | video_list_manager | <= 1.7 | — |
No detection rules found.
Nuclei
Video List Manager <= 1.7 - SQL Injection
nuclei·CVSS 7.2
CVE-2023-1408 [HIGH] Video List Manager <= 1.7 - SQL Injection
Video List Manager =7'
- 'status_code_2 == 200'
- 'contains_all(body_2, "Edit Video","Youtube")'
condition: and
# digest: 4a0a00473045022100ec0add615880bfb02be4e77fcaccc19a1f2acf32b3f55aaf8d20aa84495ccf0d022023743cdc2c85b6baed6caf29d82e4eaecb32e682997154995762a04ee8dba34f:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.