CVE-2023-37966 — SQL Injection in Infotech User Activity LOG

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 36.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Solwin Infotech User Activity LOG Solwininfotech User Activity LOG

Timeline

PublishedOct 31

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDsolwininfotech/user_activity_log1.6.2

▶CVEListV5solwin_infotech/user_activity_logn/a — 1.6.2

🔴Vulnerability Details

GHSA

GHSA-w47r-jmwx-8fq5: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-↗2023-10-31

▶

CVEList

WordPress User Activity Log Plugin <= 1.6.2 is vulnerable to SQL Injection↗2023-10-31

▶