Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-mcdx-9sw8-b7gs
Summary The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
Aliases
0
alias CVE-2024-13726
Fixed_packages
Affected_packages
References
0
reference_url https://wpscan.com/vulnerability/ec226d22-0c09-4e7c-86ec-b64819089b60/
reference_id ec226d22-0c09-4e7c-86ec-b64819089b60
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T18:45:07Z/
url https://wpscan.com/vulnerability/ec226d22-0c09-4e7c-86ec-b64819089b60/
Weaknesses
0
cwe_id 89
name Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
description The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Exploits
Severity_range_score 8.6 - 8.6
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mcdx-9sw8-b7gs