CVEs-PoC/2021/CVE-2021-24460.md at fb72866abda7b3c768cede9c8bc9e7764567e5d7

mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

POC

Reference

https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397

Github

https://github.com/20142995/nuclei-templates

857 B Raw Blame History Unescape Escape

CVE-2021-24460

Description

POC

Reference

Github

857 B

Raw Blame History