Reportedly, a low severity issue where an attacker can create a new user with the ‘Create’ privilege via the username parameter at /admin/settings.
The reported SQL injection vulnerability allows attackers to inject own SQL code or code of other applications via the login.php or settings.php files.
If you have installed or are using this product, it is recommended to apply the update immediately.
Datto Dyn a-Tune
Datto Dyna-Tune is a tool that is intended to help IT professionals manage their backup and recovery process.
What is WordPress ?
WordPress is a software platform that allows web designers and developers to create their own website without having to know the HTML code. With WordPress, you can add pages, blog posts, and more with no coding knowledge required. It also comes with a "back end" which includes a dashboard where you can customize your site into what you want it to be.
The reported SQL injection vulnerability allows attackers to inject own SQL code or code of other applications via the login.php or settings.php files at /admin/settings and /admin/user/create .
If you have installed or are using this product, it is recommended to apply the update immediately.
Timeline
Published on: 11/16/2022 20:15:00 UTC
Last modified on: 11/18/2022 04:40:00 UTC