CVE Catalog

CVE-2017-20243

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Summary

The WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space_id parameter.

Risk Assessment

Attackers can send GET requests to the booking-page endpoint with malicious space_id values, potentially leading to the exposure of sensitive database information.

Recommendation

It is recommended to update the plugin to the latest version and implement additional security measures to minimize the risk of SQL injection attacks.

Original NVD description (English source)

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space_id parameter. Attackers can send GET requests to the booking-page endpoint with malicious space_id values using AND SLEEP() payloads to extract sensitive database information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS