CVE-2024-7766 Adicon Server <= 1.2 - Admin+ SQL Injection

2024-09-1206:00:04

WPScan

github.com

adicon server

wordpress

sql injection

admin+

EPSS

0.001

Percentile

20.0%

SSVC

Exploitation

poc

Automatable

Technical Impact

total

JSON

The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:erichamby:adicon_server:*:*:*:*:*:*:*:*"
    ],
    "vendor": "erichamby",
    "product": "adicon_server",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "1.2"
      }
    ],
    "defaultStatus": "unknown"
  }
]