146 matches found

CVE
added 2021/07/12 7:20 p.m., 51 views

CVE-2021-24385

The CVE-2021-24385 entry concerns the WordPress Filebird Plugin (v4.7.3). The vulnerability is a SQL injection caused by unescaped user input in SQL queries derived from an HTTP POST request, with the vulnerable code path invoked by a REST API endpoint that requires no authentication. This makes t...

CVSS 9.8 | AI score 9.9 | EPSS 0.09019
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2021/07/12 7:20 p.m., 11 views

CVE-2021-24385 Filebird 4.7.3 - Unauthenticated SQL Injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from an HTTP POST request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

AI score 10 | EPSS 0.09019
Exploits: 2 | References: 2

CNNVD
added 2021/07/12 12:00 a.m., 3 views

WordPress plugin SQL injection vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. Version 4.7.3 of Filebird Plugin has a security...

CVSS 9.8 | AI score 5.8 | EPSS 0.09019
Exploits: 2 | References: 3

Patchstack
added 2021/06/16 12:00 a.m., 16 views

WordPress Filebird plugin 4.7.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by Ravi Chandra in WordPress Filebird plugin version 4.7.3. Solution: Update the WordPress Filebird plugin to the latest available version (at least 4.7.4)...

CVSS 9.8 | AI score 2.6 | EPSS 0.09019
Exploits: 2 | References: 3 | Affected Software: 1

WPVulnDB
added 2021/06/16 12:00 a.m., 37 views

Filebird 4.7.3 - Unauthenticated SQL Injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from an HTTP POST request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

CVSS 9.8 | AI score 9.9 | EPSS 0.09019
Exploits: 2 | References: 1 | Affected Software: 1

wpexploit
added 2021/06/16 12:00 a.m., 262 views

Filebird 4.7.3 - Unauthenticated SQL Injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from an HTTP POST request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

CVSS 9.8 | AI score 0.2 | EPSS 0.09019
Exploits: 2 | References: 1