CVE-2021-24484 Vulnerability Details

  /     /     /  

CVE-2021-24484 Metadata Quick Info

CVE Published: 02/08/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: WPScan | Vendor: Ays Pro | Product: Secure Copy Content Protection and Content Locking
Status : PUBLISHED

---

CVE-2021-24484 Description

The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-89
CWE Name: CWE-89 SQL Injection
Source: Ays Pro

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).