Lucene search

K
prionPRIOn knowledge basePRION:CVE-2021-24846
HistoryDec 21, 2021 - 9:15 a.m.

Sql injection

2021-12-2109:15:00
PRIOn knowledge base
www.prio-n.com
2

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.8%

The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.8%