CVE-2021-24606 - Vulnerability Details - OpenCVE

The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Offshorewebmaster	Availability Calendar

Configuration 1 [-]

cpe:2.3:a:offshorewebmaster:availability_calendar:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/fe49f48a-f97a-44fe-8d71-be08e7ce4f83

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-09-20T10:06:32

Updated: 2024-08-03T19:35:20.276Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24606

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-09-20T10:15:08.930

Modified: 2024-11-21T05:53:23.873

Link: CVE-2021-24606

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Availability Calendar", "vendor": "Unknown", "versions": [{"lessThan": "1.2.1", "status": "affected", "version": "1.2.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "xiahao@webray.com.cn inc"}], "descriptions": [{"lang": "en", "value": "The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-20T10:06:32", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/fe49f48a-f97a-44fe-8d71-be08e7ce4f83"}], "source": {"discovery": "UNKNOWN"}, "title": "Availability Calendar < 1.2.1 - Authenticated SQL Injection", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24606", "STATE": "PUBLIC", "TITLE": "Availability Calendar < 1.2.1 - Authenticated SQL Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Availability Calendar", "version": {"version_data": [{"version_affected": "<", "version_name": "1.2.1", "version_value": "1.2.1"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "xiahao@webray.com.cn inc"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/fe49f48a-f97a-44fe-8d71-be08e7ce4f83", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/fe49f48a-f97a-44fe-8d71-be08e7ce4f83"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:35:20.276Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/fe49f48a-f97a-44fe-8d71-be08e7ce4f83"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24606", "datePublished": "2021-09-20T10:06:32", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:35:20.276Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:offshorewebmaster:availability_calendar:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5BEE37EC-EA9C-467B-808D-7F5B7B65A5ED", "versionEndExcluding": "1.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+"}, {"lang": "es", "value": "El plugin Availability Calendar de WordPress versiones anteriores a 1.2.1 no escapa del atributo category de su shortcode antes de usarlo en una sentencia SQL, conllevando a un problema de inyecci\u00f3n SQL, que puede ser explotado por cualquier usuario capaz de a\u00f1adir shortcode a las entradas/p\u00e1ginas, como contributor+"}], "id": "CVE-2021-24606", "lastModified": "2024-11-21T05:53:23.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-20T10:15:08.930", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/fe49f48a-f97a-44fe-8d71-be08e7ce4f83"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/fe49f48a-f97a-44fe-8d71-be08e7ce4f83"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "contact@wpscan.com", "type": "Secondary"}]}