Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:33 a.m.14 views

CVE-2024-0566

The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS7.3AI score0.03301EPSS
Exploits5References1
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.314 views

Smart Manager 8.27.0 - Post-Authenticated SQL Injection

Exploit Title: Smart Manager 8.27.0 - Post-Authenticated SQL Injection Date: 2024-01-18 Exploit Author: Ivan Spiridonov - xbz0n Vendor Homepage: https://www.storeapps.org/ Software Link: https://www.storeapps.org/product/smart-manager/ Version: 8.27.0 Tested on: Ubuntu 22.04 CVE: CVE-2024-0566 SQ...

7.2CVSS6.7AI score0.03301EPSS
Exploits5
Patchstack
Patchstack
added 2024/02/13 12:0 a.m.26 views

WordPress Smart Manager Plugin < 8.28.0 is vulnerable to SQL Injection

Software Smart Manager Type Plugin Vulnerable versions 8.28.0 Fixed in 8.28.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0566 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID c1d0448fde12 Credits Ivan Spiridonov Required privilege Administrator...

7.2CVSS6.8AI score0.03301EPSS
Exploits5References4Affected Software1
Circl
Circl
added 2024/02/12 5:22 p.m.33 views

CVE-2024-0566

creationtimestamp| type| source ---|---|--- 2024-02-12 17:22:12+00:00| seen| https://t.me/ctinow/183284 2025-04-16 10:01:16+00:00| seen| https://bsky.app/profile/nimblenerd.social/post/3lmwdittwfv2r 2025-04-17 21:02:32+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lmzyvymvp...

7.2CVSS4.8AI score0.03301EPSS
Exploits5References3
Cvelist
Cvelist
added 2024/02/12 4:5 p.m.55 views

CVE-2024-0566 Smart Manager < 8.28.0 - Admin+ SQL Injection

The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.3AI score0.03301EPSS
Exploits5References1
CVE
CVE
added 2024/02/12 4:5 p.m.83 views

CVE-2024-0566

CVE-2024-0566 affects the Smart Manager WordPress plugin for versions before 8.28.0. The vulnerability is a SQL injection in the admin AJAX endpoint (sorting parameters in /wp-admin/admin-ajax.php), caused by insufficient sanitization/escaping of a parameter before it is used in an SQL statement....

7.2CVSS7.2AI score0.03301EPSS
Exploits5References1Affected Software1
Rows per page
Query Builder