CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE contact-us-page-contact-people allows SQL Injection.This issue affects Contact Us page - Contact people LITE: from n/a through <= 3.7.4.
Explanation of Vulnerability in Simple Terms
Contact Us page - Contact people LITE versions 3.7.4 and earlier contain a SQL injection vulnerability in database queries. An attacker with low-level site access can inject malicious SQL code to read sensitive data from the database, including user information and configuration details. The vulnerability also allows limited disruption of site availability.
What an attacker can do
Read sensitive data from the site database, including user records and site configuration.
Potential impact on your site
User data and site configuration may be exposed; site availability may be degraded.
Conditions required to exploit
Attacker must have a low-level user account on the site (e.g., subscriber or contributor role).
Key dates
External resources
Related vulnerabilities
