CVE-2022-47420 - OpenCVE

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Adaplugin	Accessibility Suite By Online Ada

Configuration 1 [-]

cpe:2.3:a:adaplugin:accessibility_suite_by_online_ada:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://patchstack.com/database/vulnerability/online-accessibility/wordpress-accessibility-suite-by-online-ada-plugin-4-11-sql-injection?_s_id=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-11-06T07:41:14.661Z

Updated: 2024-07-08T09:27:25.880Z

Reserved: 2022-12-15T00:08:08.872Z

Link: CVE-2022-47420

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-06T08:15:21.757

Modified: 2023-11-14T15:35:47.717

Link: CVE-2022-47420

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-47420", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2022-12-15T00:08:08.872Z", "datePublished": "2023-11-06T07:41:14.661Z", "dateUpdated": "2024-07-08T09:27:25.880Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "online-accessibility", "product": "Accessibility Suite by Online ADA", "vendor": "Online ADA", "versions": [{"changes": [{"at": "4.13", "status": "unaffected"}], "lessThanOrEqual": "4.12", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "minhtuanact (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.<p>This issue affects Accessibility Suite by Online ADA: from n/a through 4.12.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-07-08T09:27:25.880Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/online-accessibility/wordpress-accessibility-suite-by-online-ada-plugin-4-11-sql-injection?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 4.13 or a higher version."}], "value": "Update to\u00a04.13 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}