11 matches found
CVE-2022-0658
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection...
WordPress CommonsBooking plugin SQL injection vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. SQL injection vulnerability exists in versions of the WordPress CommonsBooking plugin prior to 2.6.8, which stems from the CommonsBooking plug...
CVE-2022-0658
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection...
CVE-2022-0658
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection...
SQL injection
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection...
CVE-2022-0658 CommonsBooking < 2.6.8 - Unauthenticated SQL Injection
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection...
CVE-2022-0658
CVE-2022-0658 affects the CommonsBooking WordPress plugin prior to version 2.6.8. The vulnerability arises because the plugin does not sanitize/escape the location parameter of the calendar_data AJAX action, which is accessible to unauthenticated users, before building dynamic SQL queries. This l...
WordPress plugin SQL injection vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. SQL injection vulnerability exists in versions of the WordPress CommonsBooking plugin prior to 2.6.8, which stems from the CommonsBooking plug...
CommonsBooking < 2.6.8 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection. Create an "item" and a "location" via the newly added...
CommonsBooking < 2.6.8 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection. PoC: Create an "item" and a "location" via the newly added...
WordPress CommonsBooking plugin <= 2.6.7 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress CommonsBooking plugin versions <= 2.6.7. Solution: Update the WordPress CommonsBooking plugin to the latest available version (at least 2.6.8)...