Lucene search
PRIOn knowledge basePRION:CVE-2021-43408HistoryNov 19, 2021 - 4:15 p.m.
Sql injection
2021-11-1916:15:00
PRIOn knowledge base
www.prio-n.com
5
The “Duplicate Post” WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles.
| CPE | Name | Operator | Version |
|---|---|---|---|
| duplicate_post | le | 1.1.9 |
Related
githubexploit
githubexploit
Exploit for SQL Injection in Duplicate Post Project Duplicate Post
2022-05-31 03:00:27
patchstack
patchstack
nvd
nvd
CVE-2021-43408
2021-11-19 16:15:07
cvelist
cvelist
CVE-2021-43408 Duplicate Post WordPress Plugin SQL Injection Vulnerability
2021-10-19 00:00:00
cve
cve
CVE-2021-43408
2021-11-19 16:15:07
wpvulndb
wpvulndb
Duplicate Post < 1.2.0 - Authenticated SQL Injection
2021-10-25 00:00:00
checkpoint_advisories
checkpoint_advisories
WordPress Duplicate Post Plugin SQL Injection (CVE-2021-43408)
2021-12-15 00:00:00
wpexploit
wpexploit
Duplicate Post < 1.2.0 - Authenticated SQL Injection
2021-10-25 00:00:00