CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-06-01 11:01:35 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c052d0d6949679697108fa931a00cd4220694869
CVEs-PoC/2023/CVE-2023-2805.md
T
0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49
2024-05-28 08:49:17 +00:00

795 B
Raw Blame History

CVE-2023-2805

Description

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

POC

Reference

Github

No PoCs found on GitHub currently.

Reference in New Issue View Git Blame Copy Permalink