5 matches found
CVE-2021-24741
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters such as statuscode, department, userid, conversationid, conversationstatuscode, and recipientid before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users...
WordPress Support Board Plugin SQL Injection (CVE-2021-24741)
An SQL injection vulnerability exists in Support Board WordPress plugin before 3.3.4. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2021-24741
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters such as statuscode, department, userid, conversationid, conversationstatuscode, and recipientid before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users...
CVE-2021-24741
Affected software. Support Board WordPress plugin (
CVE-2021-24741 Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters such as statuscode, department, userid, conversationid, conversationstatuscode, and recipientid before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users...