Hermit <= 3.1.6 – Unauthenticated SQLi | CVE 2022-29411

Affects Plugins

hermit

No known fix

References

CVE

CVE-2022-29411

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

8.6 (high)

Miscellaneous

Original Researcher

Lenon Leite

Verified

No

WPVDB ID

2e09c838-d6ba-46f7-be14-1ee2829ba3bd

Timeline

Publicly Published

2022-04-28 (about 4 years ago)

Added

2022-04-28 (about 4 years ago)

Last Updated

2022-04-29 (about 4 years ago)

Other

Published

Title

Published

2022-12-12

Title

Web Invoice <= 2.1.3 - Authenticated SQLi

Published

2024-02-12

Title

MoveTo <= 6.2 - Unauthenticated SQL Injection

Published

2020-09-06

Title

Advanced Database Cleaner < 3.0.2 - Authenticated SQL injection

Published

2015-12-01

Title

Email Newsletter <= 20.15 - SQL Injection

Published

2023-11-23

Title

ChatBot < 4.7.9 - Authenticated (Administrator+) SQL Injection