Newsletter by Supsystic <= 1.5.6 - Authenticated SQL Injection

2021-02-08T00:00:00
ID WPVDB-ID:559EA8CD-B4F5-4332-B581-9162E9CCA5FF
Type wpvulndb
Reporter wpvulndb
Modified 2021-02-10T06:00:42

Description

The GET parameter "sidx" is used in a SQL statement without being sanitised when searching for subscribers in the dashboard, leading to an authenticated SQL Injection issue.

PoC

The PoC will be displayed once the issue has been remediated.