{"id":975,"date":"2024-03-14T07:22:26","date_gmt":"2024-03-14T05:22:26","guid":{"rendered":"https:\/\/techlance.ddns.net\/?p=975"},"modified":"2024-03-14T07:23:22","modified_gmt":"2024-03-14T05:23:22","slug":"sql-injektiohaavoittuvuus-ultimate-member-wordpress-lisaosassa","status":"publish","type":"post","link":"https:\/\/techlance.ddns.net\/en\/sql-injektiohaavoittuvuus-ultimate-member-wordpress-lisaosassa\/","title":{"rendered":"SQL injection vulnerability in the Ultimate Member WordPress plugin"},"content":{"rendered":"<p>Versions 2.1.3 &#8211; 2.8.2 of the Ultimate Member WordPress plugin are vulnerable to an SQL injection vulnerability that allows an unauthenticated attacker to add additional SQL queries to already existing queries, which can be used to extract sensitive information from the database. The vulnerability has been addressed in version 2.8.3 and later versions. More information: <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-1071\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-1071<\/a><\/p>\n\n\n\n<p>Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8, CVEs: CVE-2024-1071, Summary: The Ultimate Member WordPress Plugin versions 2.1.3 &#8211; 2.8.2 are vulnerable to an SQL injection vulnerability that allows an unauthenticated attacker to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database. The vulnerability has been addressed in version 2.8.3 and above. 
See also: https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-1071<\/p>\n\n\n\n<p><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/ultimate-member\/ultimate-member-user-profile-registration-login-member-directory-content-restriction-membership-plugin-213-282-unauthenticated-sql-injection\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/ultimate-member\/ultimate-member-user-profile-registration-login-member-directory-content-restriction-membership-plugin-213-282-unauthenticated-sql-injection<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Versions 2.1.3 &#8211; 2.8.2 of the Ultimate Member WordPress plugin are vulnerable to an SQL injection vulnerability that allows an unauthenticated attacker to add additional SQL queries to already existing [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[9],"tags":[15],"class_list":["post-975","post","type-post","status-publish","format-standard","hentry","category-security","tag-tietoturva"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/975","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/comments?post=975"}],"version-history":[{"count":0,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/975\/revisions"}],"wp:attachment":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/media?parent=975"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/categories?post=975"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/tags?post=975"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}