2 matches found
CVE-2021-24459 Survey Maker < 1.5.6 - Authenticated Blind SQL Injections
The getresults and getitems functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
CVE-2021-24459
The CVE-2021-24459 entry concerns the WordPress Survey Maker plugin (before 1.5.6). The root cause is that get_results() and get_items() do not whitelist or validate the orderby parameter before using it in SQL statements, leading to SQL injection in the admin dashboard. Impact is authenticated S...