CVE-2021-24575

WPSchoolPress < 2.1.10 - Multiple Authenticated SQL Injections

EPSS 1.3%CWE-89

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

08 nov 2021Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above.

Produtos afetados

Unknown · School Management System – WPSchoolPress

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://wpscan.com/vulnerability/83c9c3af-9eca-45e0-90d7-edc69e616e6a