EPSS: 0.001 (Low), percentile 49.7%
The AJAX action ‘get_reqlist’ is available to all logged-in users. The ‘ipp’ parameter sent to this action is vulnerable to blind MySQL injection, which can be exploited by measuring how long a query takes to return.
research.g0blin.co.uk/g0blin-00034/