CVE-2024-6723 — SQL Injection in AI Engine

CWE-89 — SQL Injection CWE-843 — Type Confusion CWE-122 — Heap-based Buffer Overflow CWE-449 — The UI Performs the Wrong Action CWE-190 — Integer Overflow or Wraparound CWE-126 — Buffer Over-read CWE-416 — Use After Free28 documents4 sources

Severity

4.7MEDIUMNVD

EPSS

0.2%

top 56.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Meowapps AI Engine

Timeline

PublishedSep 13

Latest updateNov 12

Description

The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages1 packages

▶NVDmeowapps/ai_engine< 2.4.8

🔴Vulnerability Details

CVEList

AI Engine < 2.4.8 - Admin+ SQLi↗2024-09-13

▶

GHSA

GHSA-gr4h-g2ph-j8j2: The AI Engine WordPress plugin before 2↗2024-09-13

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2024-10827 Use after free in Serial↗2024-11-12

▶

Microsoft

Chromium: CVE-2024-10826 Use after free in Family Experiences↗2024-11-12

▶

Microsoft

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability↗2024-10-08

▶

Microsoft

Chromium: CVE-2024-9963 Insufficient data validation in Downloads↗2024-10-08

▶

Microsoft

Chromium: CVE-2024-9966 Inappropriate implementation in Navigations↗2024-10-08

▶