admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/24xxx/CVE-2021-24849.json
erwanlr e91b1eebeb Adds CVEs
2021-12-21 09:38:40 +01:00

75 lines
1.9 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"CVE_data_meta": {
"ID": "CVE-2021-24849",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WCFM Marketplace Best Multivendor Marketplace for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.4.12",
"version_value": "3.4.12"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/763c08a0-4b2b-4487-b91c-be6cc2b9322e",
"name": "https://wpscan.com/vulnerability/763c08a0-4b2b-4487-b91c-be6cc2b9322e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
Reference in New Issue View Git Blame Copy Permalink