Lucene search
Krzysztof ZającWPEX-ID:09871847-1D6A-4DFE-8A8C-F2F53FF87445HistoryNov 15, 2021 - 12:00 a.m.
Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
2021-11-1500:00:00
Krzysztof Zając
210
0.143 Low
EPSS
Percentile
95.7%
The plugin does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue
https://example.com/wp-admin/admin-ajax.php?action=mec_load_single_page&time=1))%20UNION%20SELECT%20sleep(10)%20--%20gRelated
nuclei
nuclei
WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
2023-01-02 13:01:31
zdt
zdt
metasploit
metasploit
WordPress Modern Events Calendar SQLi Scanner
2022-02-03 00:21:42
patchstack
patchstack
prion
prion
Sql injection
2021-12-13 11:15:00
cnvd
cnvd
WordPress Modern Events Calendar Lite PluginSQL Injection Vulnerability
2021-12-18 00:00:00
nvd
nvd
CVE-2021-24946
2021-12-13 11:15:09
wpvulndb
wpvulndb
Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
2021-11-15 00:00:00
packetstorm
packetstorm
WordPress Modern Events Calendar 6.1 SQL Injection
2022-01-27 00:00:00
cvelist
cvelist
cve
cve
CVE-2021-24946
2021-12-13 11:15:09
exploitdb
exploitdb
openvas
openvas
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-03-04 21:52:42