{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-49244",
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "state": "PUBLISHED",
        "assignerShortName": "Patchstack",
        "dateReserved": "2024-10-14T10:39:17.124Z",
        "datePublished": "2024-10-17T17:33:11.071Z",
        "dateUpdated": "2024-10-17T19:31:51.346Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "collectionURL": "https://wordpress.org/plugins",
                    "defaultStatus": "unaffected",
                    "packageName": "csv-wc-product-import-export",
                    "product": "CSV Product Import Export for WooCommerce",
                    "vendor": "cmssoft",
                    "versions": [
                        {
                            "lessThanOrEqual": "1.0.0",
                            "status": "affected",
                            "version": "n/a",
                            "versionType": "custom"
                        }
                    ]
                }
            ],
            "credits": [
                {
                    "lang": "en",
                    "type": "finder",
                    "user": "00000000-0000-4000-9000-000000000000",
                    "value": "Hakiduck (Patchstack Alliance)"
                }
            ],
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cmssoft CSV Product Import Export for WooCommerce allows SQL Injection.<p>This issue affects CSV Product Import Export for WooCommerce: from n/a through 1.0.0.</p>"
                        }
                    ],
                    "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cmssoft CSV Product Import Export for WooCommerce allows SQL Injection.This issue affects CSV Product Import Export for WooCommerce: from n/a through 1.0.0."
                }
            ],
            "impacts": [
                {
                    "capecId": "CAPEC-66",
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "CAPEC-66 SQL Injection"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "LOW",
                        "attackVector": "NETWORK",
                        "availabilityImpact": "LOW",
                        "baseScore": 8.5,
                        "baseSeverity": "HIGH",
                        "confidentialityImpact": "HIGH",
                        "integrityImpact": "NONE",
                        "privilegesRequired": "LOW",
                        "scope": "CHANGED",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-89",
                            "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
                "shortName": "Patchstack",
                "dateUpdated": "2024-10-17T17:33:11.071Z"
            },
            "references": [
                {
                    "tags": [
                        "vdb-entry"
                    ],
                    "url": "https://patchstack.com/database/vulnerability/csv-wc-product-import-export/wordpress-sv-product-import-export-for-woocommerce-plugin-1-0-0-sql-injection-vulnerability?_s_id=cve"
                }
            ],
            "source": {
                "discovery": "EXTERNAL"
            },
            "title": "WordPress SV Product Import Export for WooCommerce plugin <= 1.0.0 - SQL Injection vulnerability",
            "x_generator": {
                "engine": "Vulnogram 0.1.0-dev"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-10-17T19:31:36.499323Z",
                                "id": "CVE-2024-49244",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-10-17T19:31:51.346Z"
                }
            }
        ]
    }
}