## WordPress plugin perfect survey admin-ajax.php question_id SQL Injection Vulnerability (CVE-2021-24762)

| **Vulnerability** | **WordPress plugin perfect survey admin-ajax.php question_id SQL Injection Vulnerability (CVE-2021-24762)** |
| :----: | :-----|
| **Chinese name** | WordPress perfect survey 插件 admin-ajax.php 文件 question_id 参数 SQL注入漏洞(CVE-2021-24762) |
| **CVSS score** | 9.8 |
| **FOFA Query** (click to view the results directly) | [body="/wp-content/plugins/perfect-survey"](https://en.fofa.info/result?qbase64=Ym9keT0iL3dwLWNvbnRlbnQvcGx1Z2lucy9wZXJmZWN0LXN1cnZleSI%3D) |
| **Number of assets affected** | 628 |
| **Description** | Perfect Survey is a WordPress plugin for surveying user feedback. Versions before 1.5.2 have a SQL injection vulnerability in the question_id parameter of admin-ajax.php, which stems from the lack of validation of externally supplied input used in SQL statements. |
| **Impact** | Attackers can exploit this vulnerability to execute unauthorized SQL commands and obtain sensitive information such as user passwords. |

![](https://s3.bmp.ovh/imgs/2023/07/13/7a534dcb3646e5c6.gif)
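A log check for the parameter named above, as an added example that is not part of the original advisory or the plugin's code: it flags access-log requests to `admin-ajax.php` whose `question_id` is not a plain integer. It assumes the combined access-log format; the sample lines and the `example_action` value are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client address and request target from a combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A legitimate question_id is assumed to be a short decimal integer.
INTEGER_RE = re.compile(r"\d{1,10}")


def flag_line(log_line):
    """Return (client, decoded_value) if question_id is not an integer, else None."""
    m = REQUEST_RE.match(log_line)
    if not m:
        return None
    client, target = m.group(1), urlsplit(m.group(2))
    # WordPress may be installed in a subdirectory, so match on the path suffix.
    if not target.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    # parse_qs percent-decodes values; blank values are kept so that
    # an empty "question_id=" is inspected too.
    params = parse_qs(target.query, keep_blank_values=True)
    for value in params.get("question_id", []):
        if not INTEGER_RE.fullmatch(value):
            return client, value
    return None


def scan(lines):
    """Return every flagged (client, value) pair in log order."""
    return [hit for hit in map(flag_line, lines) if hit]


# Constructed sample log lines (documentation IP ranges, placeholder action name).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jul/2023:10:00:01 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=example_action&question_id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Jul/2023:10:00:05 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=example_action&question_id=1%27 HTTP/1.1" 200 0 "-" "curl/8.0"',
    '198.51.100.7 - - [13/Jul/2023:10:00:06 +0000] "GET /blog/wp-admin/admin-ajax.php'
    '?question_id=3%20OR%201%3D1&action=example_action HTTP/1.1" 200 0 "-" "curl/8.0"',
    '192.0.2.22 - - [13/Jul/2023:10:00:09 +0000] "GET /index.php'
    '?question_id=abc HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} sent non-integer question_id: {value!r}")
```

Access logs record only the query string, so a `question_id` sent in a POST body needs request-body logging or a WAF rule to be seen. Hits on a site running a version before 1.5.2 are the ones to triage first.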