WordPress Plugin Vulnerabilities
DiveBook <= 1.1.4 - Unauthenticated SQL Injection
Description
The filter_diver GET parameter, in pages where the DiveBook is embed, does not properly sanitise and validate user data, leading to an Unauthenticated SQL injection vulnerability.
Proof of Concept
The PoC will be displayed once the issue has been remediated.
Affects Plugins
References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Hooper Labs
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2020-12-09 (about 3 years ago)
Added
2020-12-09 (about 3 years ago)
Last Updated
2020-12-10 (about 3 years ago)