← volver
CVE-2024-3495

Country State City Dropdown CF7 <= 2.7.2 - Unauthenticated SQL Injection

CVSS 9.8 CRITICALEPSS 13.6%CWE-89
Vexday Risk Score
68Prioridad alta
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 9.8EPSS 13.6%KEV nãoPoC públicaNuclei simMetasploit Patch
Ciclo de vida
22 may 2024Publicada en NVD
23 may 2024PoC pública
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
trustyplugins · Country State City Dropdown CF7
PoCs públicas encontradas2
githubgithub.com/truonghuuphuc/CVE-2024-3495-Poc8githubgithub.com/zomasec/CVE-2024-3495-POC1
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://plugins.trac.wordpress.org/browser/country-state-city-auto-dropdown/trunk/includes/ajax-actions.php#L22https://plugins.trac.wordpress.org/browser/country-state-city-auto-dropdown/trunk/includes/ajax-actions.php#L8https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3089374%40country-state-city-auto-dropdown%2Ftrunk&old=3068802%40country-state-city-auto-dropdown%2Ftrunk&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/17dcacaf-0e2a-4bef-b944-fb7e43d25777?source=cve