CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.
Explanation of Vulnerability in Simple Terms
The Mediabay WordPress plugin through version 1.4 contains a SQL injection vulnerability in its media library folder handling. An authenticated user with low privileges can inject malicious SQL queries through unfiltered input, potentially reading sensitive database information or disrupting site availability. The vulnerability requires a valid WordPress account but no additional user interaction.
What an attacker can do
Read sensitive data from the site's database or cause the database to become unavailable.
Potential impact on your site
Unauthorized access to database contents including user data, posts, and configuration; potential site downtime if database queries are disrupted.
Conditions required to exploit
Attacker must have a low-privilege WordPress user account (e.g., subscriber or contributor role).
Key dates
External resources
Related vulnerabilities
