The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/9ce0153d-4a8b-4215-b6b6-15ca68c4f52c | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-08-02 11:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-24484
Mitre link : CVE-2021-24484
CVE.ORG link : CVE-2021-24484
JSON object : View
Products Affected
ays-pro
- secure_copy_content_protection_and_content_locking
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')