Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 09 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Quanticalabs
Quanticalabs car Park Booking System Wordpress Wordpress wordpress |
|
| Vendors & Products |
Quanticalabs
Quanticalabs car Park Booking System Wordpress Wordpress wordpress |
Tue, 09 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 09 Jun 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space_id parameter. Attackers can send GET requests to the booking-page endpoint with malicious space_id values using AND SLEEP() payloads to extract sensitive database information. | |
| Title | WordPress Car Park Booking Plugin SQL Injection via space_id | |
| Weaknesses | CWE-89 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-09T14:09:07.662Z
Reserved: 2026-06-08T11:41:41.810Z
Link: CVE-2017-20243
Updated: 2026-06-09T14:08:38.380Z
Status : Deferred
Published: 2026-06-09T13:16:33.967
Modified: 2026-06-09T13:51:18.770
Link: CVE-2017-20243
No data.
OpenCVE Enrichment
Updated: 2026-06-09T20:20:57Z