Vulnerability CVE-2020-9006

Vulnerability CVE-2020-9006

Published: 2020-02-17

Description:

Type:

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Affected software
Sygnoos -> Popup builder

https://plugins.trac.wordpress.org/browser/popup-builder/tags/2.2.8/files/sg_popup_ajax.php#L69

https://wordpress.org/plugins/popup-builder/#developers

https://wpvulndb.com/vulnerabilities/10073

https://zeroauth.ltd/blog/2020/02/16/cve-2020-9006-popup-builder-wp-plugin-sql-injection-via-php-deserialization/