How severe is CVE-2024-2871?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2024-2871?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2024-2871

HIGH Year: 2024

CVSS v3 Score

7.7

High

Weakness Type

CWE-89

View all →

Vulnerability Description

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2020-6249

HIGH

CVSS:7.7(High)

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the b...

CWE-892020

CVE-2021-21915

HIGH

CVSS:7.7(High)

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can...

CWE-892021

CVE-2021-21916

HIGH

CVSS:7.7(High)

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker...

CWE-892021

CVE-2021-21917

HIGH

CVSS:7.7(High)

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make auth...

CWE-892021

CVE-2021-21918

HIGH

CVSS:7.7(High)

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super...

CWE-892021

CVE-2021-21919

HIGH

CVSS:7.7(High)

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administ...

CWE-892021

CVE-2024-2871

Vulnerability Description

Related Vulnerabilities

CVE-2020-6249

CVE-2021-21915

CVE-2021-21916

CVE-2021-21917

CVE-2021-21918

CVE-2021-21919