CVEs-PoC/2021/CVE-2021-24149.md at 9fdf63f72aaf69c2cfcdf003f210c221cc422aaa

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-15 11:48:07 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue.

POC

Reference

https://wpscan.com/vulnerability/26819680-22a8-4348-b63d-dc52c0d50ed0

Github

https://github.com/20142995/nuclei-templates

817 B Raw Blame History

CVE-2021-24149

Description

POC

Reference

Github

817 B

Raw Blame History