CVE-2023-7337: JS Help Desk <= 2.8.2 - SQL Injection
漏洞描述
JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. [已公开] id: CVE-2023-7337 info: name: JS Help Desk <= 2.8.2 - SQL Injection author: Shivam Kamboj severity: critical description: | JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. impact: | Unauthenticated attackers can extract sensitive database information, leading to data disclosure. remediation: | Update to the latest version of JS Help Desk plugin. reference: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/js-support-ticket/js-help-desk-ai-powered-support-ticketing-system-282-unauthenticated-sql-injection-via-js-support-ticket-token-tkstatus-cookie - https://nvd.nist.gov/vuln/detail/CVE-2023-7337 classification: cvss-metrics: CVSS:3
FOFA 语句
暂无
影响范围
JS Help Desk
漏洞详情
POC:
已公开
修复建议
暂无