The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-06-19T10:52:42.822Z
Updated: 2024-08-02T06:33:05.256Z
Reserved: 2023-05-15T19:35:28.158Z
Link: CVE-2023-2719
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-06-19T11:15:10.487
Modified: 2023-11-07T04:13:13.243
Link: CVE-2023-2719
Redhat
No data.