← back
CVE-2022-2840

Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi

EPSS 9.6%CWE-89
The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
Affected products
Unknown · Zephyr Project Manager
public PoCs found2
cve_referencepacketstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51024unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.htmlhttps://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c