{"id":1084,"date":"2024-04-04T06:27:49","date_gmt":"2024-04-04T04:27:49","guid":{"rendered":"https:\/\/techlance.ddns.net\/?p=1084"},"modified":"2024-04-04T06:28:27","modified_gmt":"2024-04-04T04:28:27","slug":"layerslider-wordpress-lisaosassa-on-kriittinen-sql-injektiohaavoittuvuus","status":"publish","type":"post","link":"https:\/\/techlance.ddns.net\/en\/layerslider-wordpress-lisaosassa-on-kriittinen-sql-injektiohaavoittuvuus\/","title":{"rendered":"Critical SQL injection vulnerability in the LayerSlider WordPress plugin"},"content":{"rendered":"<p>The LayerSlider WordPress plugin has a critical SQL injection vulnerability affecting versions 7.9.11 and 7.10.0. The vulnerability allows unidentified attackers to execute SQL queries without authentication by exploiting an insufficiently filtered user-supplied parameter and the existing SQL query. This can lead to the disclosure of sensitive database information. Updating to version 7.10.1 fixes the vulnerability. More information is available on the Wordfence website.<\/p>\n\n\n\n<p>Classification: Critical, Solution: Official Fix, Exploit Maturity: Unproven, CVSSv3.1: 9.8, CVEs: CVE-2024-2879, Summary: The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Updating to version 7.10.1 fixes the vulnerability. 
See also: https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/layerslider\/layerslider-7911-7100-unauthenticated-sql-injection<\/p>\n\n\n\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-2975\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-2975<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>The LayerSlider WordPress plugin has a critical SQL injection vulnerability affecting versions 7.9.11 and 7.10.0. The vulnerability allows unidentified attackers to execute SQL queries without authentication [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[9],"tags":[15],"class_list":["post-1084","post","type-post","status-publish","format-standard","hentry","category-security","tag-tietoturva"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/1084","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/comments?post=1084"}],"version-history":[{"count":0,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/1084\/revisions"}],"wp:attachment":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/media?parent=1084"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/categories?post=1084"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/tags?post=1084"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}