Lucene search
WPScanCVELIST:CVE-2021-24285HistoryMay 14, 2021 - 11:38 a.m.
CVE-2021-24285 Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection
2021-05-1411:38:17
CWE-89
WPScan
www.cve.org
3
cve-2021-24285
wordpress plugin
unauthenticated
sql injection
ajax call
sql statement
EPSS
0.147
Percentile
95.9%
The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL Injection issue.
CNA Affected
[
{
"product": "Car Seller - Auto Classifieds Script",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
]Related
nuclei
nuclei
WordPress Car Seller - Auto Classifieds Script - SQL Injection
2021-06-08 21:43:23
prion
prion
Sql injection
2021-05-14 12:15:00
wpvulndb
wpvulndb
wpexploit
wpexploit
nvd
nvd
CVE-2021-24285
2021-05-14 12:15:08
cve
cve
CVE-2021-24285
2021-05-14 12:15:08
patchstack
patchstack
checkpoint_advisories
checkpoint_advisories