CVE-2024-37252 — SQL Injection in Email Subscribers Newsletters

CWE-89 — SQL Injection3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

0.1%

top 67.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Icegram Email Subscribers Newsletters

Timeline

PublishedJun 26

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.25.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:LExploitability: 3.9 | Impact: 4.7

Affected Packages1 packages

▶CVEListV5icegram/email_subscribers_newslettersn/a — 5.7.25

🔴Vulnerability Details

GHSA

GHSA-76p4-frhc-q2c5: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows S↗2024-06-26

▶

CVEList

WordPress Email Subscribers by Icegram Express plugin <= 5.7.25 - SQL Injection vulnerability↗2024-06-26

▶