CVE-2023-2188
CVSS 3.1 Score 4.9 of 10 (medium)
Details
Published: Aug 31, 2023
Updated: Nov 7, 2023
Summary
CVE-2023-2188 is a SQL injection vulnerability in the Colibri Page Builder plugin for WordPress. Versions up to, and including, 1.0.227 are impacted. The plugin does not properly escape the user-supplied 'post_id' parameter and does not properly prepare the SQL query that uses it. As a result, authenticated attackers with administrator-level access can inject additional SQL queries into existing ones through 'post_id' and use them to extract sensitive information from the database.
Affected Products
- MySQL
Affected Vendors
- BonqDAO