Description

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

Remediation

References

CVE-2023-28329

Related Vulnerabilities

WordPress Plugin WordPress Popular Posts Multiple Vulnerabilities (5.3.2)

WordPress Plugin Sticky Menu, Sticky Header (or anything!) on Scroll Cross-Site Request Forgery (2.2)

Drupal Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2020-13664)

WordPress Plugin Simple Link Directory PHP Object Injection (5.5.0)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (2.9.18)

Severity

High

Classification

CVE-2023-28329 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities