CVE-2024-32139

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGH

EPSS

7.3%

top 8.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Podlove Podlove Podcast Publisher

Timeline

PublishedApr 15

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.12.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:LExploitability: 3.1 | Impact: 4.7

Affected Packages2 packages

▶CVEListV5podlove/podlove_podcast_publishern/a — 4.0.12

▶NVDpodlove/podlove_podcast_publisher4.0.12

🔴Vulnerability Details

GHSA

GHSA-45p8-xp39-q9qf: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher↗2024-04-15

▶

CVEList

WordPress Podlove Podcast Publisher plugin <= 4.0.12 - SQL Injection vulnerability↗2024-04-15

▶