CVEs-PoC/2021/CVE-2021-24285.md at dc6e2cf7158eeb24cfecb4d64f4f1da9a8a732e2

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-02 04:25:08 +02:00

Files

T

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL Injection issue.

POC

Reference

https://wpscan.com/vulnerability/f35d6ab7-dd52-48b3-a79c-3f89edf24162

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/SexyBeast233/SecBooks

980 B Raw Blame History

CVE-2021-24285

Description

POC

Reference

Github

980 B

Raw Blame History