CVE-2023-4776
published 2023-10-16CVE-2023-4776: The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare…
PriorityP349high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.72%
49.3th percentile
The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| igexsolutions | wpschoolpress | < 2.2.5 | 2.2.5 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Apache Shenyu Server Side Request Forgery vulnerability
ghsa·2023-10-19
CVE-2023-25753 [MEDIUM] CWE-918 Apache Shenyu Server Side Request Forgery vulnerability
Apache Shenyu Server Side Request Forgery vulnerability
There exists an SSRF (Server-Side Request Forgery) vulnerability located at the `/sandbox/proxyGateway` endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.
Of particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.
This issue affects Apache ShenYu: 2.5.1.
Upgrade to Apache ShenYu 2.6.0 or apply patch https://github.com/apache/shenyu/pull/4776 .
GHSA
GHSA-f7v3-rpm4-hwv2: The School Management System WordPress plugin before 2
ghsa_unreviewed·2023-10-16
CVE-2023-4776 [HIGH] CWE-89 GHSA-f7v3-rpm4-hwv2: The School Management System WordPress plugin before 2
The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-10-16
Published