CVE-2020-11548

{"id": "CVE-2020-11548", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-04-05T00:15:11.940", "references": [{"url": "https://wordpress.org/plugins/search-meter/#developers", "tags": ["Product", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/48197", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://wordpress.org/plugins/search-meter/#developers", "tags": ["Product", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/48197", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed."}, {"lang": "es", "value": "El plugin Search Meter versiones hasta 2.13.2 para WordPress, permite que la entrada del usuario introducida en la barra de b\u00fasqueda sea cualquier f\u00f3rmula. El atacante podr\u00eda lograr una ejecuci\u00f3n de c\u00f3digo remota por medio de una inyecci\u00f3n CSV si una Exportaci\u00f3n de wp-admin/index.php?page=search-meter es realizada."}], "lastModified": "2024-11-21T04:58:07.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:search_meter_project:search_meter:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "18DAD4EA-EC82-4E42-979D-82003C0F8794", "versionEndIncluding": "2.13.2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}