Skip to main content

Seo CVE-2024-25848

MEDIUM
SQL Injection (CWE-89)
2024-03-08 cve@mitre.org
5.9
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
5.9 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Mar 08, 2024 - 02:15 cve.org
MEDIUM 5.9

DescriptionCVE.org

In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions.

AnalysisAI

In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions. Affected products include: Team-Ever Seo.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

More in Seo

View all
CVE-2020-11514 CRITICAL POC
9.8 Apr 07

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPres

CVE-2024-9161 MEDIUM POC
6.5 Oct 05

The Rank Math SEO - AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modificatio

CVE-2019-14786 MEDIUM POC
6.5 Aug 15

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.p

CVE-2020-11515 MEDIUM POC
6.1 Apr 07

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that red

CVE-2022-36376 CRITICAL
9.8 Sep 09

Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress. Rated critical severity

CVE-2024-4627 MEDIUM POC
5.4 Jul 02

The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow u

CVE-2023-2224 MEDIUM POC
4.8 Jun 05

The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high

CVE-2024-9314 HIGH
7.2 Oct 05

The Rank Math SEO - AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in

CVE-2024-2536 MEDIUM
6.4 Apr 09

The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo bloc

CVE-2024-4335 MEDIUM
6.4 May 14

The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text

CVE-2024-13227 MEDIUM
6.4 Feb 13

The Rank Math SEO - AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Script

CVE-2024-3665 MEDIUM
6.4 Apr 23

The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's H

Share

CVE-2024-25848 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy