
2 vulnerabilities by ketchup_restaurant_reservations_project

CVE-2022-2754 (GCVE-0-2022-2754)

Vulnerability from cvelistv5 – Published: 2022-09-19 14:01 – Updated: 2024-08-03 00:46
Title
Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Blind SQLi
Summary
The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks
Severity ?
No CVSS data available.
CWE
  • CWE-89 - SQL Injection
Assigner
References
Impacted products
Vendor Product Version
Unknown Ketchup Restaurant Reservations Affected: 1.0.0 , ≤ 1.0.0 (custom)
Credits
Bastijn Ouwendijk

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:46:04.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/e3c6d137-ff6e-432a-a21a-b36dc81f73c5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ketchup Restaurant Reservations",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThanOrEqual": "1.0.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bastijn Ouwendijk"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-19T14:01:03",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/e3c6d137-ff6e-432a-a21a-b36dc81f73c5"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Ketchup Restaurant Reservations \u003c= 1.0.0 - Unauthenticated Blind SQLi",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-2754",
          "STATE": "PUBLIC",
          "TITLE": "Ketchup Restaurant Reservations \u003c= 1.0.0 - Unauthenticated Blind SQLi"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ketchup Restaurant Reservations",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.0.0",
                            "version_value": "1.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bastijn Ouwendijk"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/e3c6d137-ff6e-432a-a21a-b36dc81f73c5",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/e3c6d137-ff6e-432a-a21a-b36dc81f73c5"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-2754",
    "datePublished": "2022-09-19T14:01:03",
    "dateReserved": "2022-08-10T00:00:00",
    "dateUpdated": "2024-08-03T00:46:04.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2753 (GCVE-0-2022-2753)

Vulnerability from cvelistv5 – Published: 2022-09-19 14:01 – Updated: 2024-08-03 00:46
Title
Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS
Summary
The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against a logged-in admin who views the malicious reservation.
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
Unknown Ketchup Restaurant Reservations Affected: 1.0.0 , ≤ 1.0.0 (custom)
Credits
Bastijn Ouwendijk

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:46:04.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/3c6cc46e-e18a-4f34-ac09-f30ca74a1182"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ketchup Restaurant Reservations",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThanOrEqual": "1.0.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bastijn Ouwendijk"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-Site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-19T14:01:01",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/3c6cc46e-e18a-4f34-ac09-f30ca74a1182"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Ketchup Restaurant Reservations \u003c= 1.0.0 - Unauthenticated Stored XSS",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-2753",
          "STATE": "PUBLIC",
          "TITLE": "Ketchup Restaurant Reservations \u003c= 1.0.0 - Unauthenticated Stored XSS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ketchup Restaurant Reservations",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.0.0",
                            "version_value": "1.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bastijn Ouwendijk"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/3c6cc46e-e18a-4f34-ac09-f30ca74a1182",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/3c6cc46e-e18a-4f34-ac09-f30ca74a1182"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-2753",
    "datePublished": "2022-09-19T14:01:01",
    "dateReserved": "2022-08-10T00:00:00",
    "dateUpdated": "2024-08-03T00:46:04.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}