Download Advanced Contact form 7 DB <= 1.6.0 - Authenticated SQL Injection

Affects Plugin

fixed in version 1.6.1

References

URL https://blog.sucuri.net/2019/04/sql-injection-in-advance-contact-form-7-db.html
URL https://plugins.trac.wordpress.org/changeset/2066512/advanced-cf7-db

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Sucuri
Submitter Ryan Dewhurst
Submitter Website https://wpscan.io
Submitter Twitter ethicalhack3r
Views 6567
Verified No
WPVDB ID 9255

Timeline

Publicly Published 2019-04-11 (2 months ago)
Added 2019-04-11 (2 months ago)
Last Updated 2019-04-11 (2 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.