8 matches found
CVE-2021-24404
The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so ...
CVE-2021-24404
The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so ...
Sql injection
The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so ...
CVE-2021-24404
The CVE-2021-24404 entry concerns the WP-Board WordPress plugin (versions up to 1.1 beta). The vulnerability is a SQL injection in options.php where the postid parameter is not sanitized, escaped, or validated before being inserted into a SQL statement. The issue is described as a time-based SQLi...
CVE-2021-24404 WP-Board <= 1.1 (beta) - Unauthenticated SQL Injection
The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so ...
WP-Board <= 1.1 (beta) - Unauthenticated SQL Injection
The options.php file of the plugin accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it take...
WordPress WP-Board plugin <= 1.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress WP-Board plugin versions = 1.1. Solution This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...
WP-Board <= 1.1 (beta) - Unauthenticated SQL Injection
The options.php file of the plugin accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it take...