6 matches found
CVE-2024-0566
The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
Smart Manager 8.27.0 - Post-Authenticated SQL Injection
Exploit Title: Smart Manager 8.27.0 - Post-Authenticated SQL Injection Date: 2024-01-18 Exploit Author: Ivan Spiridonov - xbz0n Vendor Homepage: https://www.storeapps.org/ Software Link: https://www.storeapps.org/product/smart-manager/ Version: 8.27.0 Tested on: Ubuntu 22.04 CVE: CVE-2024-0566 SQ...
WordPress Smart Manager Plugin < 8.28.0 is vulnerable to SQL Injection
Software Smart Manager Type Plugin Vulnerable versions 8.28.0 Fixed in 8.28.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0566 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID c1d0448fde12 Credits Ivan Spiridonov Required privilege Administrator...
CVE-2024-0566
creationtimestamp| type| source ---|---|--- 2024-02-12 17:22:12+00:00| seen| https://t.me/ctinow/183284 2025-04-16 10:01:16+00:00| seen| https://bsky.app/profile/nimblenerd.social/post/3lmwdittwfv2r 2025-04-17 21:02:32+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lmzyvymvp...
CVE-2024-0566 Smart Manager < 8.28.0 - Admin+ SQL Injection
The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2024-0566
CVE-2024-0566 affects the Smart Manager WordPress plugin for versions before 8.28.0. The vulnerability is a SQL injection in the admin AJAX endpoint (sorting parameters in /wp-admin/admin-ajax.php), caused by insufficient sanitization/escaping of a parameter before it is used in an SQL statement....