
    1 vulnerability by video-embed-box_project

    CVE-2021-24337 (GCVE-0-2021-24337)

    Vulnerability from cvelistv5 – Published: 2021-06-07 10:49 – Updated: 2024-08-03 19:28
    Title
    Video Embed <= 1.0 - Authenticated (subscriber+) SQL Injection
    Summary
    The id GET parameter of one of the pages of the Video Embed WordPress plugin through 1.0 (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low-privilege users, such as subscribers, to perform SQL injection.
    Severity
    No CVSS data available.
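    CWE
    CWE-89 SQL Injection
    Assigner
    WPScan
    References
    https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a
    https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/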
    Impacted products
    Vendor Product Version
    Unknown Video Embed Affected: 1.0 , ≤ 1.0 (custom)
    Credits
    Syed Sheeraz Ali of Code Vigilant Project

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:28:23.427Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Video Embed",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Syed Sheeraz Ali of Code Vigilant Project"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The id GET parameter of one of the Video Embed WordPress plugin through 1.0\u0027s page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-07T10:49:50.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Video Embed \u003c= 1.0 - Authenticated (subscriber+) SQL Injection",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24337",
              "STATE": "PUBLIC",
              "TITLE": "Video Embed \u003c= 1.0 - Authenticated (subscriber+) SQL Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Video Embed",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.0",
                                "version_value": "1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Syed Sheeraz Ali of Code Vigilant Project"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The id GET parameter of one of the Video Embed WordPress plugin through 1.0\u0027s page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a",
                  "refsource": "CONFIRM",
                  "url": "https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a"
                },
                {
                  "name": "https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/",
                  "refsource": "MISC",
                  "url": "https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24337",
        "datePublished": "2021-06-07T10:49:50.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:28:23.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }