2 matches found
CVE-2021-24361 GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections
In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gdpopularlocationlist did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues...
GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections
In the plugin, the AJAX action gdpopularlocationlist did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues. The prerequisite to exploiting this vulnerability is finding a page on the vulnerable si...