Search
Find a vulnerability
Search criteria
6 vulnerabilities found for surveys by Binny V A
CVE-2017-1002022 (GCVE-0-2017-1002022)
Vulnerability from nvd – Published: 2017-09-14 13:00 – Updated: 2024-08-05 22:00
VLAI
EPSS
VEX
Summary
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wpvulndb.com/vulnerabilities/8833 | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=193 | x_refsource_MISC |
| https://wordpress.org/plugins/surveys/ | x_refsource_MISC |
Impacted products
Date Public
2017-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/surveys/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "surveys",
"vendor": "Binny V A",
"versions": [
{
"lessThan": "1.01.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2017-05-21T00:00:00.000Z",
"datePublic": "2017-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T09:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/surveys/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2017-05-21",
"ID": "CVE-2017-1002022",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "surveys",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.01.8"
}
]
}
}
]
},
"vendor_name": "Binny V A"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8833",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=193",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"name": "https://wordpress.org/plugins/surveys/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/surveys/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2017-1002022",
"datePublished": "2017-09-14T13:00:00.000Z",
"dateReserved": "2017-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:00:41.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1002021 (GCVE-0-2017-1002021)
Vulnerability from nvd – Published: 2017-09-14 13:00 – Updated: 2024-08-05 22:00
VLAI
EPSS
VEX
Summary
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wpvulndb.com/vulnerabilities/8833 | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=193 | x_refsource_MISC |
| https://wordpress.org/plugins/surveys/ | x_refsource_MISC |
Impacted products
Date Public
2017-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/surveys/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "surveys",
"vendor": "Binny V A",
"versions": [
{
"lessThan": "1.01.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2017-05-21T00:00:00.000Z",
"datePublic": "2017-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T09:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/surveys/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2017-05-21",
"ID": "CVE-2017-1002021",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "surveys",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.01.8"
}
]
}
}
]
},
"vendor_name": "Binny V A"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8833",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=193",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"name": "https://wordpress.org/plugins/surveys/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/surveys/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2017-1002021",
"datePublished": "2017-09-14T13:00:00.000Z",
"dateReserved": "2017-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:00:41.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1002020 (GCVE-0-2017-1002020)
Vulnerability from nvd – Published: 2017-09-14 13:00 – Updated: 2024-08-05 22:00
VLAI
EPSS
VEX
Summary
Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wpvulndb.com/vulnerabilities/8833 | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=193 | x_refsource_MISC |
| https://wordpress.org/plugins/surveys/ | x_refsource_MISC |
Impacted products
Date Public
2017-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/surveys/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "surveys",
"vendor": "Binny V A",
"versions": [
{
"lessThan": "1.01.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2017-05-21T00:00:00.000Z",
"datePublic": "2017-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T09:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/surveys/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2017-05-21",
"ID": "CVE-2017-1002020",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "surveys",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.01.8"
}
]
}
}
]
},
"vendor_name": "Binny V A"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8833",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=193",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"name": "https://wordpress.org/plugins/surveys/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/surveys/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2017-1002020",
"datePublished": "2017-09-14T13:00:00.000Z",
"dateReserved": "2017-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:00:41.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1002021 (GCVE-0-2017-1002021)
Vulnerability from cvelistv5 – Published: 2017-09-14 13:00 – Updated: 2024-08-05 22:00
VLAI
EPSS
VEX
Summary
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wpvulndb.com/vulnerabilities/8833 | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=193 | x_refsource_MISC |
| https://wordpress.org/plugins/surveys/ | x_refsource_MISC |
Impacted products
Date Public
2017-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/surveys/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "surveys",
"vendor": "Binny V A",
"versions": [
{
"lessThan": "1.01.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2017-05-21T00:00:00.000Z",
"datePublic": "2017-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T09:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/surveys/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2017-05-21",
"ID": "CVE-2017-1002021",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "surveys",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.01.8"
}
]
}
}
]
},
"vendor_name": "Binny V A"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8833",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=193",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"name": "https://wordpress.org/plugins/surveys/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/surveys/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2017-1002021",
"datePublished": "2017-09-14T13:00:00.000Z",
"dateReserved": "2017-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:00:41.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1002020 (GCVE-0-2017-1002020)
Vulnerability from cvelistv5 – Published: 2017-09-14 13:00 – Updated: 2024-08-05 22:00
VLAI
EPSS
VEX
Summary
Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wpvulndb.com/vulnerabilities/8833 | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=193 | x_refsource_MISC |
| https://wordpress.org/plugins/surveys/ | x_refsource_MISC |
Impacted products
Date Public
2017-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/surveys/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "surveys",
"vendor": "Binny V A",
"versions": [
{
"lessThan": "1.01.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2017-05-21T00:00:00.000Z",
"datePublic": "2017-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T09:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/surveys/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2017-05-21",
"ID": "CVE-2017-1002020",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "surveys",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.01.8"
}
]
}
}
]
},
"vendor_name": "Binny V A"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8833",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=193",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"name": "https://wordpress.org/plugins/surveys/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/surveys/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2017-1002020",
"datePublished": "2017-09-14T13:00:00.000Z",
"dateReserved": "2017-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:00:41.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1002022 (GCVE-0-2017-1002022)
Vulnerability from cvelistv5 – Published: 2017-09-14 13:00 – Updated: 2024-08-05 22:00
VLAI
EPSS
VEX
Summary
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wpvulndb.com/vulnerabilities/8833 | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=193 | x_refsource_MISC |
| https://wordpress.org/plugins/surveys/ | x_refsource_MISC |
Impacted products
Date Public
2017-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/surveys/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "surveys",
"vendor": "Binny V A",
"versions": [
{
"lessThan": "1.01.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2017-05-21T00:00:00.000Z",
"datePublic": "2017-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T09:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/surveys/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2017-05-21",
"ID": "CVE-2017-1002022",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "surveys",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.01.8"
}
]
}
}
]
},
"vendor_name": "Binny V A"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8833",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=193",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"name": "https://wordpress.org/plugins/surveys/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/surveys/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2017-1002022",
"datePublished": "2017-09-14T13:00:00.000Z",
"dateReserved": "2017-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:00:41.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}