CVE-2023-50842 — SQL Injection in Fries MF GIG Calendar

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGHNVD

CNA8.5

EPSS

0.3%

top 45.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Matthew Fries MF GIG Calendar MF GIG Calendar Project MF GIG Calendar

Timeline

PublishedDec 28

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5matthew_fries/mf_gig_calendarn/a — 1.2.1

▶NVDmf_gig_calendar_project/mf_gig_calendar1.2.1

🔴Vulnerability Details

CVEList

WordPress MF Gig Calendar Plugin <= 1.2.1 is vulnerable to SQL Injection↗2023-12-28

▶

GHSA

GHSA-2rwf-gw57-98vq: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar↗2023-12-28

▶