The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 01:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | SP Rental Manager <= 1.5.3 Unauthenticated SQL Injection | SP Rental Manager <= 1.5.3 Unauthenticated SQL Injection |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2021-09-09T18:09:53.452681Z
Updated: 2024-09-17T01:06:47.505Z
Reserved: 2021-08-09T00:00:00
Link: CVE-2021-38324
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-09-09T19:15:14.053
Modified: 2021-09-22T16:44:59.803
Link: CVE-2021-38324
Redhat
No data.