Search criteria

2 vulnerabilities found for official_website_mini_program by jiangqie

CVE-2021-24303 (GCVE-0-2021-24303)

Vulnerability from nvd – Published: 2021-09-06 11:09 – Updated: 2024-08-03 19:28
VLAI?
Title
JiangQie Official Website Mini Program < 1.1.1 - Authenticated SQL Injection
Summary
The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Unknown JiangQie Official Website Mini Program Affected: 1.1.1 , < 1.1.1 (custom)
Create a notification for this product.
Credits
wangxiaohui@webray.com.cn inc
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:23.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/cbd65b7d-d3c3-4ee3-8e5e-ff0eeeaa7b30"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ja9er/CVEProject/blob/main/wordpress_jiangqie-official-website-mini-program_sqli.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "JiangQie Official Website Mini Program",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.1.1",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangxiaohui@webray.com.cn inc"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-06T11:09:18.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/cbd65b7d-d3c3-4ee3-8e5e-ff0eeeaa7b30"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ja9er/CVEProject/blob/main/wordpress_jiangqie-official-website-mini-program_sqli.md"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "JiangQie Official Website Mini Program \u003c 1.1.1 - Authenticated SQL Injection",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24303",
          "STATE": "PUBLIC",
          "TITLE": "JiangQie Official Website Mini Program \u003c 1.1.1 - Authenticated SQL Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JiangQie Official Website Mini Program",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "1.1.1",
                            "version_value": "1.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "wangxiaohui@webray.com.cn inc"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/cbd65b7d-d3c3-4ee3-8e5e-ff0eeeaa7b30",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/cbd65b7d-d3c3-4ee3-8e5e-ff0eeeaa7b30"
            },
            {
              "name": "https://github.com/ja9er/CVEProject/blob/main/wordpress_jiangqie-official-website-mini-program_sqli.md",
              "refsource": "MISC",
              "url": "https://github.com/ja9er/CVEProject/blob/main/wordpress_jiangqie-official-website-mini-program_sqli.md"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24303",
    "datePublished": "2021-09-06T11:09:18.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:28:23.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24303 (GCVE-0-2021-24303)

Vulnerability from cvelistv5 – Published: 2021-09-06 11:09 – Updated: 2024-08-03 19:28
VLAI?
Title
JiangQie Official Website Mini Program < 1.1.1 - Authenticated SQL Injection
Summary
The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Unknown JiangQie Official Website Mini Program Affected: 1.1.1 , < 1.1.1 (custom)
Create a notification for this product.
Credits
wangxiaohui@webray.com.cn inc
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:23.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/cbd65b7d-d3c3-4ee3-8e5e-ff0eeeaa7b30"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ja9er/CVEProject/blob/main/wordpress_jiangqie-official-website-mini-program_sqli.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "JiangQie Official Website Mini Program",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.1.1",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangxiaohui@webray.com.cn inc"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-06T11:09:18.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/cbd65b7d-d3c3-4ee3-8e5e-ff0eeeaa7b30"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ja9er/CVEProject/blob/main/wordpress_jiangqie-official-website-mini-program_sqli.md"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "JiangQie Official Website Mini Program \u003c 1.1.1 - Authenticated SQL Injection",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24303",
          "STATE": "PUBLIC",
          "TITLE": "JiangQie Official Website Mini Program \u003c 1.1.1 - Authenticated SQL Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JiangQie Official Website Mini Program",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "1.1.1",
                            "version_value": "1.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "wangxiaohui@webray.com.cn inc"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/cbd65b7d-d3c3-4ee3-8e5e-ff0eeeaa7b30",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/cbd65b7d-d3c3-4ee3-8e5e-ff0eeeaa7b30"
            },
            {
              "name": "https://github.com/ja9er/CVEProject/blob/main/wordpress_jiangqie-official-website-mini-program_sqli.md",
              "refsource": "MISC",
              "url": "https://github.com/ja9er/CVEProject/blob/main/wordpress_jiangqie-official-website-mini-program_sqli.md"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24303",
    "datePublished": "2021-09-06T11:09:18.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:28:23.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}