CVE-2021-24860 BSK PDF Manager < 3.1.2 - Admin+ SQL Injection

2021-11-2908:25:41

CWE-89

WPScan

www.cve.org

0.001 Low

EPSS

Percentile

37.7%

JSON

The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue

CNA Affected

[
  {
    "product": "BSK PDF Manager",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.1.2",
        "status": "affected",
        "version": "3.1.2",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/d5891973-37d0-48cb-a5a3-a26c771b3369

0.001 Low

EPSS

Percentile

37.7%

JSON

Related for CVELIST:CVE-2021-24860