CVE-2022-1689

CVE-2022-1689: Note Press <= 0.1.10 - Admin+ SQLi via Update

Vendor Unknown

Product Note Press

Weakness CWE-89 · SQLi

Published June 6, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection

Key dates

02Disclosure timeline

June 6, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1689 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2023-47128 piccolo SQL Injection via named transaction savepoints CVE-2023-3208 RoadFlow Visual Process Engine .NET Core Mvc Login sql injection CVE-2024-2677 Campcodes Online Job Finder System controller.php sql injection CVE-2022-2666 SourceCodester Loan Management System login.php sql injection CVE-2024-38872 SQL Injection