CVE-2022-0255

State: PUBLISHED · Published: 2022-02-21 · Updated: 2024-08-02 · Assigner: WPScan

Description

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue

CWE

CWE-89 — CWE-89 SQL Injection

Affected

Unknown / Database Backup for WordPress — v=2.5.1 <2.5.1 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/684bb06d-864f-4cba-ab0d-f83974d026fa x_refsource_MISC

Source

cvelistV5-main/cves/2022/0xxx/CVE-2022-0255.json