3 matches found
CVE-2022-0658
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection...
CVE-2022-0658 CommonsBooking < 2.6.8 - Unauthenticated SQL Injection
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection...
CVE-2022-0658
CVE-2022-0658 affects the CommonsBooking WordPress plugin prior to version 2.6.8. The vulnerability arises because the plugin does not sanitize/escape the location parameter of the calendar_data AJAX action, which is accessible to unauthenticated users, before building dynamic SQL queries. This l...