exploitDog

CVE-2021-24484

Опубликовано: 02 авг. 2021

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Ссылки

https://wpscan.com/vulnerability/9ce0153d-4a8b-4215-b6b6-15ca68c4f52c
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/9ce0153d-4a8b-4215-b6b6-15ca68c4f52c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ays-pro:secure_copy_content_protection_and_content_locking:*:*:*:*:*:wordpress:*:*

Версия до 2.6.7 (исключая)

EPSS

Процентиль: 68%

0.00567

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-4mw6-mpc3-jcw5

github

больше 3 лет назад

The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

EPSS

Процентиль: 68%

0.00567

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89