Sql injection

2021-03-1815:15:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

JSON

In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter.

CPENameOperatorVersion
wowonderlt3.1

CPE	Name	Operator	Version
	wowonder	lt	3.1

References

securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-26935

www.exploit-db.com/exploits/49657