← volver
CVE-2021-24741

Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections

EPSS 5.5%CWE-89
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.
Productos afectados
Unknown · Support Board

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://board.support/changeshttps://medium.com/%40lijohnjefferson/multiple-sql-injection-unauthenticated-in-support-board-v-3-3-3-3e9b4214a4f9https://wpscan.com/vulnerability/ccf293ec-7607-412b-b662-5e237b8690ca