CVE-2021-24791

November 10, 2021

The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the “orderby” and “order” request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections

Summary:

The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the “orderby” and “order” request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections

Reference Links(if available):

  • https://wpscan.com/vulnerability/d55caa9b-d50f-4c13-bc69-dc475641735f

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    cybersecurity

    Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

    April 23, 2024
    image

    CACTUS Ransomware Victim: https://www[.]ebir[.]com/

    April 23, 2024
    image

    CACTUS Ransomware Victim: https://www[.]concordegroup[.]ca/

    April 23, 2024
    image

    CACTUS Ransomware Victim: https://www[.]coastalcargogroup[.]com/

    April 23, 2024
    image

    CACTUS Ransomware Victim: https://www[.]saglobal[.]com/

    April 23, 2024