The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/cbb8fa9f-1c84-4410-ae86-64cb1771ce78 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2022-03-07 09:15
Updated : 2024-02-28 19:09
NVD link : CVE-2021-24952
Mitre link : CVE-2021-24952
CVE.ORG link : CVE-2021-24952
JSON object : View
Products Affected
tatvic
- conversios.io
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')