CVE-2021-24285

The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL Injection issue.
Configurations

Configuration 1

cpe:2.3:a:cars-seller-auto-classifieds-script_project:cars-seller-auto-classifieds-script:*:*:*:*:*:wordpress:*:*

Information

Published : 2021-05-14 12:15

Updated : 2021-05-21 08:37


NVD link : CVE-2021-24285

Mitre link : CVE-2021-24285

Products Affected
No products.
CWE