What the vulnerability does
01Description
Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.
Explanation of Vulnerability in Simple Terms
GD Rating System versions up to 3.6.2 contain a SQL injection vulnerability that allows unauthenticated attackers to read sensitive database information without user interaction. The vulnerability exists in how the plugin processes user input in database queries. An attacker can extract data including user credentials and site configuration details. Update to a version newer than 3.6.2 to resolve this issue.
What an attacker can do
Read sensitive data from the site's database, including user information and credentials.
Potential impact on your site
User passwords, email addresses, and other database records can be exposed to attackers.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities