9 matches found
CVE-2021-24285
The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection...
VulnCheck KEV: CVE-2021-24285
The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL...
WordPress plugin SQL injection vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . Car Seller - Auto Classifieds Script WordPress plugin...
CVE-2021-24285
The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection...
Sql injection
The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection...
CVE-2021-24285
CVE-2021-24285 concerns the WordPress plugin Car Seller - Auto Classifieds Script (versions ≤ 2.1.0). The vulnerability is a SQL injection in the request_list_request AJAX handler: the order_id parameter is not sanitised/validated/escaped before being interpolated into a SQL statement, and the en...
WordPress 插件 SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . Car Seller - Auto Classifieds Script WordPress plugin...
Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection
The requestlistrequest AJAX call of the plugin, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection issue. curl 'https://example.com/wp-admin/admin-ajax.php' ...
WordPress Car Seller – Auto Classifieds Script plugin <= 2.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by Shreya Pohekar in WordPress Car Seller – Auto Classifieds Script plugin versions = 2.1.0. Solution This plugin has been closed as of April 19, 2021 and is not available for download. This closure is permanent...