mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
829 B
829 B
CVE-2021-24336
Description
The FlightLog WordPress plugin through 3.0.2 does not sanitise, validate or escape various POST parameters before using them a SQL statement, leading to SQL injections exploitable by editor and administrator users
POC
Reference
- https://codevigilant.com/disclosure/2021/wp-plugin-flightlog-sql-injection/
- https://wpscan.com/vulnerability/dda0593e-cd97-454e-a8c8-15d7f690311c