Vulnerabilities > CVE-2023-0278 - Unspecified vulnerability in Wpgeodirectory Geodirectory

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wpgeodirectory

NVD

Published: 2023-02-27

Updated: 2024-11-21

Summary

The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

Vulnerable Configurations

Part	Description	Count
Application	Wpgeodirectory Wpgeodirectory Geodirectory *	1

References

https://bulletin.iese.de/post/geodirectory_2-2-21
https://bulletin.iese.de/post/geodirectory_2-2-21
https://wpscan.com/vulnerability/98deb84e-01ca-4b70-a8f8-0a226daa85a6
https://wpscan.com/vulnerability/98deb84e-01ca-4b70-a8f8-0a226daa85a6