What the vulnerability does
Contributor-level SQL injection in Custom Field Template versions <= 2.7.8.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Explanation of Vulnerability in Simple Terms
Custom Field Template versions up to 2.7.8 contain a SQL injection vulnerability in database query construction. An authenticated user with low privileges can craft malicious input to extract sensitive data from the database or disrupt site availability. The vulnerability affects multiple database operations and may impact other users' data depending on site configuration.
What an attacker can do
Read sensitive data from the database or cause the site to become unavailable.
Potential impact on your site
User data and site configuration details may be exposed; site performance may degrade or fail.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.