
Duplicate Post < 1.2.0 - Authenticated SQL Injection

Description

The plugin does not properly sanitise and escape the id parameter passed to the cdp_action_handling AJAX action, which could allow users with access to the plugin (by default admins) to perform SQL injection attacks.
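A log-review check for the parameter described above, as an added example that is not part of the advisory or the plugin's code: it flags requests to the cdp_action_handling action whose id is not a plain integer. It assumes a legitimate id is a single numeric post ID and that request bodies are available from a WAF or reverse-proxy log; the sample requests and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

ACTION = "cdp_action_handling"          # AJAX action named in the advisory
ID_KEY = re.compile(r"id(\[.*\])?")     # PHP also builds the id value from id[]=... keys
INT_VALUE = re.compile(r"[0-9]{1,20}")  # assumption: a legitimate id is one numeric post ID

def check_request(method, url, body=""):
    """Return findings for one HTTP request; an empty list means nothing to report."""
    parts = urlsplit(url)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return []
    # WordPress reads the action from GET or POST, so merge both parameter sources.
    params = parse_qsl(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        params += parse_qsl(body, keep_blank_values=True)
    if not any(k == "action" and v == ACTION for k, v in params):
        return []
    return [
        f"non-integer {key}={value!r}"
        for key, value in params
        if ID_KEY.fullmatch(key) and not INT_VALUE.fullmatch(value)
    ]

# Constructed sample requests (method, URL, form-encoded body); not real traffic.
SAMPLES = [
    ("POST", "/wp-admin/admin-ajax.php", "action=cdp_action_handling&id=42"),
    ("POST", "/wp-admin/admin-ajax.php", "action=cdp_action_handling&id=42%20OR%201%3D1"),
    ("GET", "/wp-admin/admin-ajax.php?action=cdp_action_handling&id%5B%5D=7&id%5B%5D=7%27", ""),
    ("POST", "/wp-admin/admin-ajax.php?action=cdp_action_handling", "id=15%27"),
    ("POST", "/wp-admin/admin-ajax.php", "action=heartbeat&id=abc"),
]

def scan(requests):
    """Return (index, findings) for every request that has findings."""
    hits = []
    for i, (method, url, body) in enumerate(requests):
        findings = check_request(method, url, body)
        if findings:
            hits.append((i, findings))
    return hits

if __name__ == "__main__":
    for index, findings in scan(SAMPLES):
        print(index, findings)
```

Because the advisory states the action is reachable by admins by default, hits from this check are worth correlating with the authenticated account that sent the request.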
