CVE-2017-20243
HighCVSS 8.2Summary
The WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space_id parameter.
Risk Assessment
Attackers can send GET requests to the booking-page endpoint with malicious space_id values, potentially leading to the exposure of sensitive database information.
Recommendation
It is recommended to update the plugin to the latest version and implement additional security measures to minimize the risk of SQL injection attacks.
Original NVD description (English source)
WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space_id parameter. Attackers can send GET requests to the booking-page endpoint with malicious space_id values using AND SLEEP() payloads to extract sensitive database information.

