Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/02/05 6:39 a.m.7 views

CVE-2024-5792

The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belongto’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.8CVSS7.3AI score0.00454EPSS
Exploits0References1
cvelist
cvelist
added 2024/07/10 2:2 a.m.20 views

CVE-2024-5792 Houzez CRM <= 1.4.2 - Authenticated (Seller+) SQL Injection

The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belongto’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.8CVSS0.00454EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/07/10 2:2 a.m.5 views

CVE-2024-5792 Houzez CRM <= 1.4.2 - Authenticated (Seller+) SQL Injection

The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belongto’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.8CVSS7.3AI score0.00454EPSS
Exploits0References2
patchstack
patchstack
added 2024/07/09 12:0 a.m.10 views

WordPress Houzez CRM Plugin <= 1.4.2 is vulnerable to SQL Injection

Software Houzez CRM Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5792 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 666665555649 Credits István Márton Required privilege Seller Published 9 Jul...

8.8CVSS6.9AI score0.00454EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder