Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for VaultPress Plugin by unspecified

    CVE-2017-20086 (GCVE-0-2017-20086)

    Vulnerability from nvd – Published: 2022-06-23 04:20 – Updated: 2025-04-15 14:15
    VLAI
    Title
    VaultPress Plugin code injection
    Summary
    A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    David Vaartjes
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:45:25.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Feb/95"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.97383"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-20086",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T17:08:52.084255Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T14:15:00.560Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VaultPress Plugin",
              "vendor": "unspecified",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.8.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "David Vaartjes"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-23T04:20:24.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Feb/95"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vuldb.com/?id.97383"
            }
          ],
          "title": "VaultPress Plugin code injection",
          "x_generator": "vuldb.com",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@vuldb.com",
              "ID": "CVE-2017-20086",
              "REQUESTER": "cna@vuldb.com",
              "STATE": "PUBLIC",
              "TITLE": "VaultPress Plugin code injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VaultPress Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.8.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": ""
                  }
                ]
              }
            },
            "credit": "David Vaartjes",
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely."
                }
              ]
            },
            "generator": "vuldb.com",
            "impact": {
              "cvss": {
                "baseScore": "6.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94 Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Feb/95",
                  "refsource": "MISC",
                  "url": "http://seclists.org/fulldisclosure/2017/Feb/95"
                },
                {
                  "name": "https://vuldb.com/?id.97383",
                  "refsource": "MISC",
                  "url": "https://vuldb.com/?id.97383"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2017-20086",
        "datePublished": "2022-06-23T04:20:24.000Z",
        "dateReserved": "2022-06-19T00:00:00.000Z",
        "dateUpdated": "2025-04-15T14:15:00.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-20086 (GCVE-0-2017-20086)

    Vulnerability from cvelistv5 – Published: 2022-06-23 04:20 – Updated: 2025-04-15 14:15
    VLAI
    Title
    VaultPress Plugin code injection
    Summary
    A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    David Vaartjes
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:45:25.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Feb/95"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.97383"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-20086",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T17:08:52.084255Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T14:15:00.560Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VaultPress Plugin",
              "vendor": "unspecified",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.8.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "David Vaartjes"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-23T04:20:24.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Feb/95"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vuldb.com/?id.97383"
            }
          ],
          "title": "VaultPress Plugin code injection",
          "x_generator": "vuldb.com",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@vuldb.com",
              "ID": "CVE-2017-20086",
              "REQUESTER": "cna@vuldb.com",
              "STATE": "PUBLIC",
              "TITLE": "VaultPress Plugin code injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VaultPress Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.8.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": ""
                  }
                ]
              }
            },
            "credit": "David Vaartjes",
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely."
                }
              ]
            },
            "generator": "vuldb.com",
            "impact": {
              "cvss": {
                "baseScore": "6.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94 Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://seclists.org/fulldisclosure/2017/Feb/95",
                  "refsource": "MISC",
                  "url": "http://seclists.org/fulldisclosure/2017/Feb/95"
                },
                {
                  "name": "https://vuldb.com/?id.97383",
                  "refsource": "MISC",
                  "url": "https://vuldb.com/?id.97383"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2017-20086",
        "datePublished": "2022-06-23T04:20:24.000Z",
        "dateReserved": "2022-06-19T00:00:00.000Z",
        "dateUpdated": "2025-04-15T14:15:00.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }