Lucene search
WPScanCVELIST:CVE-2021-24149HistoryMar 18, 2021 - 2:57 p.m.
CVE-2021-24149 Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection
2021-03-1814:57:50
CWE-89
WPScan
www.cve.org
1
Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue.
CNA Affected
[
{
"product": "Modern Events Calendar Lite",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.16.6",
"status": "affected",
"version": "5.16.6",
"versionType": "custom"
}
]
}
]Related
prion
prion
Sql injection
2021-03-18 15:15:00
wpexploit
wpexploit
Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection
2021-01-29 00:00:00
wpvulndb
wpvulndb
Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection
2021-01-29 00:00:00
cve
cve
CVE-2021-24149
2021-03-18 15:15:15
nvd
nvd
CVE-2021-24149
2021-03-18 15:15:15