7 matches found
CZ Loan Management <= 1.1 - SQL Injection
The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2024-5975 info: name: CZ Loan Management = 1.1 - SQL Injection author...
WordPress CZ Loan Management plugin <= 1.1 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by Project Black in WordPress Plugin CZ Loan Management versions = 1.1...
CVE-2024-5975 CZ Loan Management <= 1.1 - Unauthenticated SQLi
The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2024-5975 CZ Loan Management <= 1.1 - Unauthenticated SQLi
The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
WordPress plugin CZ Loan Management 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress CZ Loan Management Plugin <= 1.1 is vulnerable to SQL Injection
Software CZ Loan Management Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5975 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID c42111d4bd74 Credits Project Black Required privilege Unauthenticated...
PT-2024-37286 · WordPress · Cz Loan Management
Name of the Vulnerable Software and Affected Versions: CZ Loan Management WordPress plugin versions 1.1 and earlier Description: The issue arises from the improper sanitization and escaping of a parameter before its use in a SQL statement via an AJAX action. This AJAX action is available to...