CVE-2021-24758

Email Log < 2.4.7 - Admin+ SQL Injection

EPSS 1.3%CWE-89

The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections

Productos afectados

Unknown · Email Log

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/8dd70db4-5845-440d-8b1d-012738abaac2