Lucene search
+L

7 matches found

Nuclei
Nuclei
added 10 hours ago57 views

WordPress Car Seller - Auto Classifieds Script - SQL Injection

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitize, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL injection...

9.8CVSS8.7AI score0.14697EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2025/05/22 9:3 p.m.10 views

CVE-2021-24285

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection...

9.8CVSS7.7AI score0.14697EPSS
Exploits2References1
Circl
Circl
added 2023/04/27 9:58 a.m.33 views

CVE-2021-24285

creationtimestamp| type| source ---|---|--- 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24285.yaml 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26 2025-02-27...

9.8CVSS7.3AI score0.14697EPSS
In wildExploits2References4
NVD
NVD
added 2021/05/14 12:15 p.m.31 views

CVE-2021-24285

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection...

9.8CVSS0.14697EPSS
Exploits2References2
Cvelist
Cvelist
added 2021/05/14 11:38 a.m.40 views

CVE-2021-24285 Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection...

10AI score0.14697EPSS
Exploits2References2
CVE
CVE
added 2021/05/14 11:38 a.m.85 views

CVE-2021-24285

CVE-2021-24285 concerns the WordPress plugin Car Seller - Auto Classifieds Script (versions ≤ 2.1.0). The vulnerability is a SQL injection in the request_list_request AJAX handler: the order_id parameter is not sanitised/validated/escaped before being interpolated into a SQL statement, and the en...

9.8CVSS9.8AI score0.14697EPSS
In wildExploits2References2Affected Software1
Check Point Advisories
Check Point Advisories
added 2021/04/18 12:0 a.m.121 views

UNION Query-based SQL Injection Over HTTP Traffic (CVE-2018-17254; CVE-2020-18144; CVE-2020-29283; CVE-2020-29287; CVE-2020-29288; CVE-2020-35430; CVE-2021-24285)

UNION Query-based SQL Injection Over HTTP Traffic...

7.5CVSS0.8AI score0.82976EPSS
Exploits12
Rows per page
Query Builder