7 matches found
WordPress Car Seller - Auto Classifieds Script - SQL Injection
The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitize, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL injection...
CVE-2021-24285
The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection...
CVE-2021-24285
creationtimestamp| type| source ---|---|--- 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24285.yaml 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26 2025-02-27...
CVE-2021-24285
The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection...
CVE-2021-24285 Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection
The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection...
CVE-2021-24285
CVE-2021-24285 concerns the WordPress plugin Car Seller - Auto Classifieds Script (versions ≤ 2.1.0). The vulnerability is a SQL injection in the request_list_request AJAX handler: the order_id parameter is not sanitised/validated/escaped before being interpolated into a SQL statement, and the en...
UNION Query-based SQL Injection Over HTTP Traffic (CVE-2018-17254; CVE-2020-18144; CVE-2020-29283; CVE-2020-29287; CVE-2020-29288; CVE-2020-35430; CVE-2021-24285)
UNION Query-based SQL Injection Over HTTP Traffic...