4 matches found
CVE-2021-24404
The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so ...
CVE-2021-24404
The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so ...
CVE-2021-24404
The CVE-2021-24404 entry concerns the WP-Board WordPress plugin (versions up to 1.1 beta). The vulnerability is a SQL injection in options.php where the postid parameter is not sanitized, escaped, or validated before being inserted into a SQL statement. The issue is described as a time-based SQLi...
CVE-2021-24404 WP-Board <= 1.1 (beta) - Unauthenticated SQL Injection
The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so ...