CVE-2020-36626

Public Exploit

Modern Tribe Panel Builder Plugin SearchFilter.php add_post_content_filtered_to_search_sql sql injection

Description

A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin. Affected is the function add_post_content_filtered_to_search_sql of the file ModularContent/SearchFilter.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4528d4f855dbbf24e9fc12a162fda84ce3bedc2f. It is recommended to apply a patch to fix this issue. VDB-216738 is the identifier assigned to this vulnerability.

References

Link	Tags
https://github.com/moderntribe/panel-builder/pull/173	exploit third party advisory patch
https://github.com/moderntribe/panel-builder/commit/4528d4f855dbbf24e9fc12a162fda84ce3bedc2f	third party advisory patch
https://vuldb.com/?id.216738	third party advisory

Frequently Asked Questions

What is the severity of CVE-2020-36626?: CVE-2020-36626 has been scored as a medium severity vulnerability.
How to fix CVE-2020-36626?: To fix CVE-2020-36626, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-36626 being actively exploited in the wild?: It is possible that CVE-2020-36626 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-36626?: CVE-2020-36626 affects Modern Tribe Panel Builder Plugin.

Description

Categories

CWE-707 – Improper Neutralization

CWE-79 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

References

Frequently Asked Questions