← voltar
CVE-2021-24741

Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections

EPSS 5.5%CWE-89
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.
Produtos afetados
Unknown · Support Board

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://board.support/changeshttps://medium.com/%40lijohnjefferson/multiple-sql-injection-unauthenticated-in-support-board-v-3-3-3-3e9b4214a4f9https://wpscan.com/vulnerability/ccf293ec-7607-412b-b662-5e237b8690ca