CVE-2021-24484 Secure Copy Content Protection and Content Locking < 2.6.7 - Authenticated Blind SQL Injections

2021-08-0210:32:23

CWE-89

WPScan

www.cve.org

cve-2021-24484

wordpress plugin

sql injection

admin dashboard

EPSS

0.001

Percentile

36.7%

JSON

The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

CNA Affected

[
  {
    "product": "Secure Copy Content Protection and Content Locking",
    "vendor": "Ays Pro",
    "versions": [
      {
        "lessThan": "2.6.7",
        "status": "affected",
        "version": "2.6.7",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/9ce0153d-4a8b-4215-b6b6-15ca68c4f52c

EPSS

0.001

Percentile

36.7%

JSON

Related for CVELIST:CVE-2021-24484