CVE-2021-24141 - OpenCVE

Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Sigmaplugin	Advanced Database Cleaner

Configuration 1 [-]

cpe:2.3:a:sigmaplugin:advanced_database_cleaner:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/5c8adca0-fe19-4624-81ef-465b8d007f93	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2021-03-18T14:57:49

Updated: 2021-03-18T14:57:49

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24141

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-03-18T15:15:15.073

Modified: 2021-03-22T19:45:22.013

Link: CVE-2021-24141

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "Advanced Database Cleaner", "vendor": "Unknown", "versions": [{"lessThan": "3.0.2", "status": "affected", "version": "3.0.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)"}], "descriptions": [{"lang": "en", "value": "Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-18T14:57:49", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/5c8adca0-fe19-4624-81ef-465b8d007f93"}], "source": {"discovery": "UNKNOWN"}, "title": "Advanced Database Cleaner < 3.0.2 - Authenticated SQL injection", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24141", "STATE": "PUBLIC", "TITLE": "Advanced Database Cleaner < 3.0.2 - Authenticated SQL injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Advanced Database Cleaner", "version": {"version_data": [{"version_affected": "<", "version_name": "3.0.2", "version_value": "3.0.2"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/5c8adca0-fe19-4624-81ef-465b8d007f93", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/5c8adca0-fe19-4624-81ef-465b8d007f93"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24141", "datePublished": "2021-03-18T14:57:49", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2021-03-18T14:57:49", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sigmaplugin:advanced_database_cleaner:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8F1DA5B0-72B6-417B-A5C9-2910B926E05A", "versionEndExcluding": "3.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks."}, {"lang": "es", "value": "Una entrada no valorada en el plugin Advanced Database Cleaner, versiones anteriores a 3.0.2, conlleva a una inyecci\u00f3n SQL que permite a usuarios muy privilegiado (admin+) llevar a cabo ataques SQL"}], "id": "CVE-2021-24141", "lastModified": "2021-03-22T19:45:22.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-18T15:15:15.073", "references": [{"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/5c8adca0-fe19-4624-81ef-465b8d007f93"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "contact@wpscan.com", "type": "Secondary"}]}