Lucene search
WPScanCVELIST:CVE-2021-24666HistorySep 27, 2021 - 3:25 p.m.
CVE-2021-24666 Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection
2021-09-2715:25:36
CWE-89
WPScan
www.cve.org
The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a ‘Social & Donations’ module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an ‘id’ and ‘category’ parameters as arguments. Both parameters can be used for the SQLi.
CNA Affected
[
{
"product": "Podlove Podcast Publisher",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.6",
"versionType": "custom"
}
]
}
]Related
patchstack
patchstack
prion
prion
Default credentials
2021-09-27 16:15:00
osv
osv
CVE-2021-24666
2021-09-27 16:15:09
nvd
nvd
CVE-2021-24666
2021-09-27 16:15:09
nuclei
nuclei
WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection
2023-03-31 11:28:24
wpexploit
wpexploit
Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection
2021-08-24 00:00:00
wpvulndb
wpvulndb
Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection
2021-08-24 00:00:00
cve
cve
CVE-2021-24666
2021-09-27 16:15:09