CVE-2021-24741

Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections

EPSS 5.5%CWE-89

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 5.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

20 sep 2021Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.

Productos afectados

Unknown · Support Board

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://board.support/changes https://medium.com/%40lijohnjefferson/multiple-sql-injection-unauthenticated-in-support-board-v-3-3-3-3e9b4214a4f9 https://wpscan.com/vulnerability/ccf293ec-7607-412b-b662-5e237b8690ca