6 matches found
CVE-2024-6338
The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...
CVE-2024-6338
creationtimestamp| type| source ---|---|--- 2024-07-19 11:11:29+00:00| seen| https://t.me/cvedetector/1201...
CVE-2024-6338
The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...
CVE-2024-6338 FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter
The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...
CVE-2024-6338 FV Player <= 7.5.46.7212 - Authenticated (Subscriber+) SQL Injection via exclude Parameter
The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...
WordPress FV Flowplayer Video Player Plugin <= 7.5.46.7212 is vulnerable to SQL Injection
Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.46.7212 Fixed in 7.5.47.7212 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6338 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 35cbf5adc214 Credits Arkadiusz Hydzik Required...