CVE-2021-38324 - OpenCVE

The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Smartypantsplugins	Sp Rental Manager

Configuration 1 [-]

cpe:2.3:a:smartypantsplugins:sp_rental_manager:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389	Exploit Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Wordfence

Published: 2021-09-08T00:00:00

Updated: 2021-09-09T18:09:53

Reserved: 2021-08-09T00:00:00

Link: CVE-2021-38324

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-09T19:15:14.053

Modified: 2021-09-22T16:44:59.803

Link: CVE-2021-38324

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": " SP Rental Manager ", "vendor": " SP Rental Manager ", "versions": [{"lessThanOrEqual": "1.5.3", "status": "affected", "version": "1.5.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "p7e4"}], "datePublic": "2021-09-08T00:00:00", "descriptions": [{"lang": "en", "value": "The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-09T18:09:53", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324"}, {"tags": ["x_refsource_MISC"], "url": "https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389"}], "solutions": [{"lang": "en", "value": "Uninstall plugin from WordPress site."}], "source": {"discovery": "EXTERNAL"}, "title": " SP Rental Manager <= 1.5.3 Unauthenticated SQL Injection", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "Wordfence", "ASSIGNER": "security@wordfence.com", "DATE_PUBLIC": "2021-09-08T20:09:00.000Z", "ID": "CVE-2021-38324", "STATE": "PUBLIC", "TITLE": " SP Rental Manager <= 1.5.3 Unauthenticated SQL Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": " SP Rental Manager ", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.5.3", "version_value": "1.5.3"}]}}]}, "vendor_name": " SP Rental Manager "}]}}, "credit": [{"lang": "eng", "value": "p7e4"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324", "refsource": "MISC", "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324"}, {"name": "https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389", "refsource": "MISC", "url": "https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389"}]}, "solution": [{"lang": "en", "value": "Uninstall plugin from WordPress site."}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2021-38324", "datePublished": "2021-09-08T00:00:00", "dateReserved": "2021-08-09T00:00:00", "dateUpdated": "2021-09-09T18:09:53", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:smartypantsplugins:sp_rental_manager:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "85C2E2CD-A462-4905-9F4A-07486571EAD9", "versionEndIncluding": "1.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3."}, {"lang": "es", "value": "El plugin SP Rental Manager de WordPress, es vulnerable a una inyecci\u00f3n SQL por medio del par\u00e1metro orderby encontrado en el archivo ~/user/shortcodes.php que permite a atacantes recuperar informaci\u00f3n contenida en la base de datos de un sitio, en versiones hasta 1.5.3 incluy\u00e9ndola"}], "id": "CVE-2021-38324", "lastModified": "2021-09-22T16:44:59.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2021-09-09T19:15:14.053", "references": [{"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/browser/sp-rental-manager/tags/1.5.3/user/shortcodes.php#L389"}, {"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38324"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@wordfence.com", "type": "Secondary"}]}