Vulnerabilities > CVE-2022-0785 - Unspecified vulnerability in Daily Prayer Time Project Daily Prayer Time

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
daily-prayer-time-project
critical

Summary

The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection

Vulnerable Configurations

Part Description Count
Application
Daily_Prayer_Time_Project
55