CVE-2020-24315

Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database.
References
Configurations

Configuration 1

cpe:2.3:a:wordpress_poll_project:wordpress_poll:*:*:*:*:*:wordpress:*:*

Information

Published : 2020-08-26 02:15

Updated : 2020-09-01 04:23


NVD link : CVE-2020-24315

Mitre link : CVE-2020-24315

Products Affected
No products.
CWE