wpvulndb | Clément Notin | WPVDB-ID: 70E9E2E7-9893-46DB-B574-66901A2AF21D
History: Jun 21, 2017 - 12:00 a.m.

Email Before Download < 4.0 - SQL Injection

wpscan.com

Email Before Download (https://wordpress.org/plugins/email-before-download/) before version 4.0 was vulnerable to several SQL injections. An SQL escaping function was used, but the escaped value was not placed between quotes in the query. The attack payload therefore does not have to use quotes, and thus no escaping is done.
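
The flaw described above, modeled as an added example in Python with sqlite3; it is not code from the plugin or the advisory. The table, the stand-in `escape_quotes` function and the sample input are assumptions constructed for illustration.

```python
import sqlite3


def escape_quotes(value: str) -> str:
    """Hypothetical stand-in for a string-escaping function: neutralises quotes only."""
    return value.replace("'", "''")


def make_db() -> sqlite3.Connection:
    # Constructed sample data, not the plugin's schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE downloads (id INTEGER PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO downloads VALUES (?, ?)",
        [(1, "alice@example.test"), (2, "bob@example.test"), (3, "carol@example.test")],
    )
    return db


def lookup_unquoted(db: sqlite3.Connection, item_id: str) -> list:
    # Flawed pattern: the value is escaped but spliced in without quotes,
    # so input containing no quotes passes through the escaper unchanged.
    sql = "SELECT email FROM downloads WHERE id = " + escape_quotes(item_id)
    return [row[0] for row in db.execute(sql)]


def lookup_quoted(db: sqlite3.Connection, item_id: str) -> list:
    # Escaped and quoted: the whole input stays inside one string literal.
    sql = "SELECT email FROM downloads WHERE id = '" + escape_quotes(item_id) + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db: sqlite3.Connection, item_id: str) -> list:
    # Preferred: validate the type, then bind the value as a parameter.
    # int() raises ValueError for anything that is not a plain integer.
    sql = "SELECT email FROM downloads WHERE id = ?"
    return [row[0] for row in db.execute(sql, (int(item_id),))]


if __name__ == "__main__":
    db = make_db()
    constructed_input = "1 OR 1=1"  # constructed, contains no quote characters
    print("unquoted:", lookup_unquoted(db, constructed_input))  # every row
    print("quoted:  ", lookup_quoted(db, constructed_input))    # no rows
    print("bound:   ", lookup_bound(db, "1"))                   # one row
```

In WordPress code, the counterpart of the bound form is `$wpdb->prepare()` with a `%d` placeholder for integer values.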