CVE-2024-2661

EPSS 0.69%
Veröffentlicht 02.05.2024 17:15:18
Zuletzt bearbeitet 21.11.2024 09:10:14
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Barcode Scanner with Inventory & Order Manager <= 1.5.4 - Authenticated (Subscriber+) SQL Injection

The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to blind SQL Injection via the ‘currentIds’ parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Mögliche Gegenmaßnahme

Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale): Update to version 1.5.5, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)

Version * - 1.5.4

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerukrsolution

≫

Produkt Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Default Statusunaffected

Version <= 1.5.4

Version *

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.69%	0.711

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

https://plugins.trac.wordpress.org/browser/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/trunk/src/Core.php#L621

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3074826%40barcode-scanner-lite-pos-to-manage-products-inventory-and-orders%2Ftrunk&old=3048878%40barcode-scanner-lite-pos-to-manage-products-inventory-and-orders%2Ftrunk&sfp_email=&sfph_mail=

https://www.wordfence.com/threat-intel/vulnerabilities/id/3c8ba503-db7e-4ac1-898f-a301854db60f?source=cve

https://www.wordfence.com/threat-intel/vulnerabilities/id/3c8ba503-db7e-4ac1-898f-a301854db60f

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-2661

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2661

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2661

EUVD