- Description
- SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
- nvd@nist.gov
- CWE-89
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quartz_plugin_project:quartz_plugin:1.01.1:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "9FBF8054-5CD9-40A9-ACA0-7FB0DABEE1DD"
}
],
"operator": "OR"
}
]
}
]