CVE-2024-6926 - Vulnerability Details - OpenCVE

ReportizFlow

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact total

Vendors	Products
Wow-company	Viral-signup Viral Signup

Configuration 1 [-]

cpe:2.3:a:wow-company:viral_signup:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/9ce96ce5-fcf0-4d7a-b562-f63ea3418d93/

History

Mon, 07 Oct 2024 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wow-company viral Signup
Weaknesses		CWE-89
CPEs		cpe:2.3:a:wow-company:viral_signup::::::wordpress::*
Vendors & Products		Wow-company viral Signup

Wed, 04 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wow-company Wow-company viral-signup
CPEs		cpe:2.3:a:wow-company:viral-signup::::::::
Vendors & Products		Wow-company Wow-company viral-signup
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 04 Sep 2024 06:15:00 +0000

Type	Values Removed	Values Added
Description		The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
Title		Viral Signup <= 2.1 - Unauthenticated SQLi
References		https://wpscan.com/vulnerability/9ce96ce5-fcf0-4d7a-b562-f63ea3418d93/

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-09-04T06:00:04.238Z

Updated: 2024-09-04T14:19:49.867Z

Reserved: 2024-07-19T19:37:55.347Z

Link: CVE-2024-6926

Vulnrichment

Updated: 2024-09-04T14:19:39.748Z

NVD

Status : Analyzed

Published: 2024-09-04T06:15:17.537

Modified: 2024-10-07T15:29:08.993

Link: CVE-2024-6926

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6926", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2024-07-19T19:37:55.347Z", "datePublished": "2024-09-04T06:00:04.238Z", "dateUpdated": "2024-09-04T14:19:49.867Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-09-04T06:00:04.238Z"}, "title": "Viral Signup <= 2.1 - Unauthenticated SQLi", "problemTypes": [{"descriptions": [{"description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Viral Signup", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "2.1"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection"}], "references": [{"url": "https://wpscan.com/vulnerability/9ce96ce5-fcf0-4d7a-b562-f63ea3418d93/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Project Black", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"affected": [{"vendor": "wow-company", "product": "viral-signup", "cpes": ["cpe:2.3:a:wow-company:viral-signup:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.1", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T14:18:46.215208Z", "id": "CVE-2024-6926", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T14:19:49.867Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-6926", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-04T14:18:46.215208Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wow-company:viral-signup:*:*:*:*:*:*:*:*"], "vendor": "wow-company", "product": "viral-signup", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T14:19:39.748Z"}}], "cna": {"title": "Viral Signup <= 2.1 - Unauthenticated SQLi", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Project Black"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Viral Signup", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.1"}], "defaultStatus": "affected"}], "references": [{"url": "https://wpscan.com/vulnerability/9ce96ce5-fcf0-4d7a-b562-f63ea3418d93/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-89 SQL Injection"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-09-04T06:00:04.238Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6926", "state": "PUBLISHED", "dateUpdated": "2024-09-04T14:19:49.867Z", "dateReserved": "2024-07-19T19:37:55.347Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2024-09-04T06:00:04.238Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wow-company:viral_signup:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "20491622-35DD-43F2-A1E0-A71A5182B69D", "versionEndIncluding": "2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection"}, {"lang": "es", "value": "El complemento Viral Signup de WordPress hasta la versi\u00f3n 2.1 no desinfecta ni escapa correctamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL a trav\u00e9s de una acci\u00f3n AJAX disponible para usuarios no autenticados, lo que genera una inyecci\u00f3n SQL."}], "id": "CVE-2024-6926", "lastModified": "2024-10-07T15:29:08.993", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-09-04T06:15:17.537", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/9ce96ce5-fcf0-4d7a-b562-f63ea3418d93/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "[email protected]", "type": "Primary"}]}