CVE-2024-31077

CWE-89SQL Injection3 documents3 sources
Severity
7.2HIGH
EPSS
34.5%
top 3.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Incsub ForminatorWpmu DEV Forminator
Timeline
PublishedApr 23

Description

Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDincsub/forminator< 1.29.3
CVEListV5wpmu_dev/forminatorprior to 1.29.3

🔴Vulnerability Details

2
CVEList
CVE-2024-31077: Forminator prior to 12024-04-23
GHSA
GHSA-r95q-f4c4-7f24: Forminator prior to 12024-04-23
CVE-2024-31077 (HIGH CVSS 7.2) | Forminator prior to 1.29.3 contains | cvebase.io