CVE-2021-24199

🗓️ 12 Apr 2021 13:59:17Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 36 Views🌐 WEB

wpDataTables plugin v3.4.2 SQL Injection via admin-ajax.php

Reporter	Title	Published	Views	Family All 9
CNNVD	WordPress SQL注入漏洞	12 Apr 202100:00	–	cnnvd
CNVD	WordPress plugin SQL injection vulnerability (CNVD-2021-28751)	14 Apr 202100:00	–	cnvd
Cvelist	CVE-2021-24199 wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter	12 Apr 202113:59	–	cvelist
EUVD	EUVD-2021-11113	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24199	12 Apr 202114:15	–	nvd
Patchstack	WordPress wpDataTables plugin <= 3.4.1 - Multiple SQL Injection (SQLi) vulnerabilities	16 Mar 202100:00	–	patchstack
Prion	Sql injection	12 Apr 202114:15	–	prion
RedhatCVE	CVE-2021-24199	22 May 202521:03	–	redhatcve
WPVulnDB	wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter	16 Mar 202100:00	–	wpvulndb

NVD

Vulners

Node

tms-outsource wpdatatablesRange<3.4.2premiumwordpress

[
  {
    "product": "wpDataTables – Tables & Table Charts",
    "vendor": "wpDataTables",
    "versions": [
      {
        "lessThan": "3.4.2",
        "status": "affected",
        "version": "3.4.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpdatatables	www.wpdatatables.com/help/whats-new-changelog/
n4nj0	www.n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/
wpscan	www.wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280

Parameter	Position	Path	Description	CWE
start	request body	wp-admin/admin-ajax.php?action=get_wdtable&table_id=1	Boolean-based blind SQL injection on the 'start' parameter in the POST request to get_wdtable endpoint.	CWE-89
table_id	request body	wp-admin/admin-ajax.php?action=get_wdtable&table_id=1	Boolean-based blind SQL injection on the 'start' parameter in the POST request to get_wdtable endpoint.	CWE-89

21 Nov 2024 05:52Current

6.8Medium risk

Vulners AI Score6.8

CVSS 24

CVSS 3.16.5

EPSS0.00903

CWE-89