Search criteria
2 vulnerabilities found for video-embed-box by video-embed-box_project
CVE-2021-24337 (GCVE-0-2021-24337)
Vulnerability from nvd – Published: 2021-06-07 10:49 – Updated: 2024-08-03 19:28
VLAI
Title
Video Embed <= 1.0 - Authenticated (subscriber+) SQL Injection
Summary
The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection.
Severity
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/a8fd8dd4-5b5e-46… | x_refsource_CONFIRM |
| https://codevigilant.com/disclosure/2021/wp-plugi… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Video Embed |
Affected:
1.0 , ≤ 1.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Video Embed",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Syed Sheeraz Ali of Code Vigilant Project"
}
],
"descriptions": [
{
"lang": "en",
"value": "The id GET parameter of one of the Video Embed WordPress plugin through 1.0\u0027s page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-07T10:49:50.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Video Embed \u003c= 1.0 - Authenticated (subscriber+) SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24337",
"STATE": "PUBLIC",
"TITLE": "Video Embed \u003c= 1.0 - Authenticated (subscriber+) SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Video Embed",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.0",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Syed Sheeraz Ali of Code Vigilant Project"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The id GET parameter of one of the Video Embed WordPress plugin through 1.0\u0027s page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a"
},
{
"name": "https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/",
"refsource": "MISC",
"url": "https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24337",
"datePublished": "2021-06-07T10:49:50.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24337 (GCVE-0-2021-24337)
Vulnerability from cvelistv5 – Published: 2021-06-07 10:49 – Updated: 2024-08-03 19:28
VLAI
Title
Video Embed <= 1.0 - Authenticated (subscriber+) SQL Injection
Summary
The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection.
Severity
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/a8fd8dd4-5b5e-46… | x_refsource_CONFIRM |
| https://codevigilant.com/disclosure/2021/wp-plugi… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Video Embed |
Affected:
1.0 , ≤ 1.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Video Embed",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Syed Sheeraz Ali of Code Vigilant Project"
}
],
"descriptions": [
{
"lang": "en",
"value": "The id GET parameter of one of the Video Embed WordPress plugin through 1.0\u0027s page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-07T10:49:50.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Video Embed \u003c= 1.0 - Authenticated (subscriber+) SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24337",
"STATE": "PUBLIC",
"TITLE": "Video Embed \u003c= 1.0 - Authenticated (subscriber+) SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Video Embed",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.0",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Syed Sheeraz Ali of Code Vigilant Project"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The id GET parameter of one of the Video Embed WordPress plugin through 1.0\u0027s page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a"
},
{
"name": "https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/",
"refsource": "MISC",
"url": "https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24337",
"datePublished": "2021-06-07T10:49:50.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}