CVE-2017-20103 in Kama Click Counter Plugininfo

Summary

by MITRE • 06/28/2022

A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected component.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulDB

Disclosure

06/28/2022

Moderation

accepted

Entry

VDB-97335

CPE

ready

CWE

CWE-89 (confirmed)

Exploit

Download

CVSS

6.3 (VulDB)

EPSS

0.00181

KEV

Activities

very low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-20103
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-20103
CVE Details	https://www.cvedetails.com/cve/CVE-2017-20103/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!