GHSA-87fg-9x5w-j3rm

Source
https://github.com/advisories/GHSA-87fg-9x5w-j3rm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-87fg-9x5w-j3rm/GHSA-87fg-9x5w-j3rm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-87fg-9x5w-j3rm
Aliases
  • CVE-2023-38519
Published
2023-12-20T15:30:19Z
Modified
2024-02-16T08:17:07.129968Z
Severity
  • 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Summary
MainWP Dashboard SQL Command Injection vulnerability
Details

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3.

Database specific
{
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "HIGH",
    "nvd_published_at": "2023-12-20T14:15:19Z",
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-28T22:11:55Z"
}
References

Affected packages

Packagist / mainwp/mainwp

Package

Name
mainwp/mainwp
Purl
pkg:composer/mainwp/mainwp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.3.4

Affected versions

v4.*

v4.0.4
v4.0.7.2
v4.1-beta1
v4.1-beta3
v4.1
v4.1.1
v4.1.2
v4.1.3
v4.1.3.1
v4.1.4
v4.1.4.1
v4.1.5
v4.1.5.1
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.1.10
v4.1.10.2
v4.1.10.3
v4.1.11
v4.2
v4.2.1
v4.2.3
v4.2.4
v4.2.6
v4.2.7
v4.2.7.1
v4.3
v4.3.0.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-87fg-9x5w-j3rm/GHSA-87fg-9x5w-j3rm.json"

last_known_affected_version_range

"<= 4.4.3.3"