CVE-2021-24138

18 Mar 2021 15:14:15 | Reported by WPScan | Type: cve | Source: web.nvd.nist.gov

Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to authenticated SQL injection via the "id" parameter. This requires admin privileges.


Related

Reporter | Title | Published | Family
Prion | Sql injection | 18 Mar 2021 15:15 | prion
NVD | CVE-2021-24138 | 18 Mar 2021 15:15 | nvd
CNVD | Wordpress AdRotate SQL Injection Vulnerability | 19 Mar 2021 00:00 | cnvd
wpexploit | AdRotate < 5.8.4 - Authenticated SQL Injection | 3 Jun 2020 00:00 | wpexploit
Cvelist | CVE-2021-24138 AdRotate < 5.8.4 - Authenticated SQL Injection | 18 Mar 2021 14:57 | cvelist
WPVulnDB | AdRotate < 5.8.4 - Authenticated SQL Injection | 3 Jun 2020 00:00 | wpvulndb

Affected

Node: ajdg adrotate | Range: <5.8.4 | wordpress
[
  {
    "product": "AdRotate",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "5.8.4",
        "status": "affected",
        "version": "5.8.4",
        "versionType": "custom"
      }
    ]
  }
]

Paths

Parameter | Position | Path | Description | CWE
id | query param | /wp-admin/admin.php?page=adrotate-statistics&view=group&id=1+AND+SLEEP%2810%29 | Authenticated SQL injection in AdRotate plugin via 'id' parameter requiring admin privileges. | CWE-89
id | query param | /wp-admin/admin.php?page=adrotate-statistics&view=group&id=2+AND+1%3D%28SELECT+IF+%28+GREATEST%28+ORD%28MID%28%40%40version%2C+1%2C+1%29%29%2C+1%29+%3D+53%2C+1%2C+0%29%29 | Authenticated SQL injection in AdRotate plugin via 'id' parameter targeting MySQL version check. | CWE-89

18 Mar 2021 15:15 (Current)
Risk: 5.8 (Medium)
Vulners AI Score: 5.8
CVSS2: 5.5
CVSS3: 5.5
EPSS: 0.00806