CVE-2021-24221

🗓️ 12 Apr 2021 14:03:25Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 33 Views🌐 WEB

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 allows SQL injection via result_id GET parameter

Reporter	Title	Published	Views	Family All 10
CNNVD	WordPress 插件 SQL注入漏洞	12 Apr 202100:00	–	cnnvd
CNVD	WordPress plugin SQL injection vulnerability (CNVD-2021-34528)	14 Apr 202100:00	–	cnvd
Cvelist	CVE-2021-24221 Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode	12 Apr 202114:03	–	cvelist
EUVD	EUVD-2021-11135	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24221	12 Apr 202114:15	–	nvd
OSV	CVE-2021-24221	12 Apr 202114:15	–	osv
Prion	Sql injection	12 Apr 202114:15	–	prion
RedhatCVE	CVE-2021-24221	22 May 202518:23	–	redhatcve
wpexploit	Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode	26 Mar 202100:00	–	wpexploit
WPVulnDB	Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode	26 Mar 202100:00	–	wpvulndb

NVD

Vulners

Node

expresstech quiz_and_survey_masterRange<7.1.12wordpress

[
  {
    "product": "Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "7.1.12",
        "status": "affected",
        "version": "7.1.12",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/2479603/
wpscan	www.wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab

Parameter	Position	Path	Description	CWE
result_id	query param	plugins.svn.wordpress.org/quiz-master-next/tags/7.1.10/php/classes/class-qmn-quiz-manager.php	SQL injection via unsanitized GET parameter result_id used in SQL query within shortcode handling (qsm_result)	CWE-89

21 Nov 2024 05:52Current

9.2High risk

Vulners AI Score9.2

CVSS 26.5

CVSS 3.18.8

EPSS0.02566

CWE-89