3 matches found
Exploit for CVE-2024-3495
CVE-2024-3495-Poc CVE-2024-3495 Country State City Dropdown CF...
CVE-2024-3495 Country State City Dropdown CF7 <= 2.7.2 - Unauthenticated SQL Injection
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
WordPress Country State City Dropdown CF7 Plugin <= 2.7.2 is vulnerable to SQL Injection
Software Country State City Dropdown CF7 Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3495 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 39d467a76c0d Credits Krzysztof Zając Required privile...