Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24827
HistoryNov 08, 2021 - 5:35 p.m.

CVE-2021-24827 Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection

2021-11-0817:35:27
CWE-89
WPScan
www.cve.org
1

0.213 Low

EPSS

Percentile

96.5%

The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue

CNA Affected

[
  {
    "product": "Asgaros Forum",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.15.13",
        "status": "affected",
        "version": "1.15.13",
        "versionType": "custom"
      }
    ]
  }
]