The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users as low as author
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-11-08T17:34:53
Updated: 2024-08-03T19:35:20.323Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24630
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-11-08T18:15:08.593
Modified: 2024-11-21T05:53:26.907
Link: CVE-2021-24630
Redhat
No data.