Description

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

Remediation

References

CVE-2018-20505

Related Vulnerabilities

WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (4.4.7)

WordPress 3.7.x Denial of Service Vulnerability (3.7 - 3.7.25)

WordPress Plugin Events Manager Cross-Site Scripting (5.8.1.3)

WordPress Plugin Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, Aweber-MailOptin Security Bypass (1.2.49.0)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (2.9.31)

Severity

High

Classification

CVE-2018-20505 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Tags

Missing Update Known Vulnerabilities