- Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.
- Source
- audit@patchstack.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9.3
- Impact score
- 4.7
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
- Severity
- CRITICAL
- audit@patchstack.com
- CWE-89
- Hype score
- Not currently trending
[CVE-2024-51818: CRITICAL] Beware of SQL Injection vulnerability in Fancy Product Designer versions up to 6.4.3. Stay updated to protect your data from cyber threats. #cybersecurity#cybersecurity,#vulnerability https://t.co/T1ydTGHYe9 https://t.co/dQCMZQ8E6Q
@CveFindCom
21 Jan 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-51818 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Produc… https://t.co/vbahNDzzhb
@CVEnew
21 Jan 2025
264 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-51919,CVE-2024-51818 alert 🚨 Wordpress Plugin Fancy Product Arbitrary File Upload and Unauthenticated SQL Injection The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers assets are protected. 🦉 #CyberSecurity #Wordpress
@Patrowl_io
9 Jan 2025
49 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
WordPressの有料プラグインFancy Product Designerに重大(Critical)な脆弱性。2024/3/18報告だが未修正。CVE-2024-51919はCVSSスコア9.0で、遠隔コード実行につながる未認証での任意ファイルアップロード。CVE-2024-51818はCVSSスコア9.3で、未認証でのSQLインジェクション。 https://t.co/db5oruISbn
@__kokumoto
8 Jan 2025
601 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes