Jetengine
CVE-2021-41844
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.
AnalysisAI
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. Affected products include: Crocoblock Jetengine. Version information: before 2.9.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Unauthenticated PHP Object Injection in Crocoblock JetEngine WordPress plugin versions 3.8.10 and earlier allows remote
PHP Object Injection in the JetEngine WordPress plugin (versions through 3.8.9.1) allows authenticated users with the Co
SQL injection in Crocoblock JetEngine (a WordPress plugin) through version 3.8.8.1 allows remote unauthenticated attacke
Unauthenticated SQL injection in the JetEngine WordPress plugin versions 3.8.10.1 and earlier allows remote attackers to
Unauthenticated SQL injection in the JetEngine WordPress plugin versions prior to 3.8.9.1 allows remote attackers to inj
Unauthenticated SQL injection in the JetEngine WordPress plugin (versions up to and including 3.8.9.1) allows remote att
Crocoblock JetEngine versions below 3.8.4.1 are vulnerable to unsafe deserialization of untrusted data, enabling authent
Unauthenticated SQL injection in the JetEngine WordPress plugin versions up to 3.8.10.1 allows remote attackers to extra
Reflected or stored cross-site scripting in the JetEngine WordPress plugin (versions 3.8.10 and earlier) allows remote u
Unauthenticated cross-site scripting in the JetEngine WordPress plugin versions 3.8.10 and earlier allows remote attacke
Unauthenticated reflected/stored cross-site scripting in the JetEngine WordPress plugin (versions <= 3.8.9.1) allows rem
Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input. Rated medium severit
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today