GHSA-87fg-9x5w-j3rm

Source
https://github.com/advisories/GHSA-87fg-9x5w-j3rm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-87fg-9x5w-j3rm/GHSA-87fg-9x5w-j3rm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-87fg-9x5w-j3rm
Aliases
  • CVE-2023-38519
Published
2023-12-20T15:30:19Z
Modified
2024-02-16T08:17:07.129968Z
Severity
  • 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Summary
MainWP Dashboard SQL Command Injection vulnerability
Details

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3.

Database specific
{
    "nvd_published_at": "2023-12-20T14:15:19Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-28T22:11:55Z"
}
References

Affected packages

Packagist / mainwp/mainwp

Package

Name
mainwp/mainwp
Purl
pkg:composer/mainwp/mainwp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.3.4

Affected versions

v4.*

v4.0.4
v4.0.7.2
v4.1-beta1
v4.1-beta3
v4.1
v4.1.1
v4.1.2
v4.1.3
v4.1.3.1
v4.1.4
v4.1.4.1
v4.1.5
v4.1.5.1
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.1.10
v4.1.10.2
v4.1.10.3
v4.1.11
v4.2
v4.2.1
v4.2.3
v4.2.4
v4.2.6
v4.2.7
v4.2.7.1
v4.3
v4.3.0.1

Database specific

{
    "last_known_affected_version_range": "<= 4.4.3.3"
}