github - ghsa-4mw6-mpc3-jcw5

ghsa-4mw6-mpc3-jcw5

Vulnerability from github

Published

2022-05-24 19:09

Modified

2022-05-24 19:09

Details

The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-24484"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-02T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard",
  "id": "GHSA-4mw6-mpc3-jcw5",
  "modified": "2022-05-24T19:09:37Z",
  "published": "2022-05-24T19:09:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24484"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/9ce0153d-4a8b-4215-b6b6-15ca68c4f52c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2021-24484 (GCVE-0-2021-24484)

Vulnerability from cvelistv5

Published

2021-08-02 10:32

Modified

2024-08-03 19:35

Severity ?

CWE

CWE-89 - SQL Injection

Summary

References

▼	URL	Tags
	https://wpscan.com/vulnerability/9ce0153d-4a8b-4215-b6b6-15ca68c4f52c	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Ays Pro	Secure Copy Content Protection and Content Locking	Version: 2.6.7 < 2.6.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:35:19.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/9ce0153d-4a8b-4215-b6b6-15ca68c4f52c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Secure Copy Content Protection and Content Locking",
          "vendor": "Ays Pro",
          "versions": [
            {
              "lessThan": "2.6.7",
              "status": "affected",
              "version": "2.6.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "To Quang Duong"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-02T10:32:23",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/9ce0153d-4a8b-4215-b6b6-15ca68c4f52c"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Secure Copy Content Protection and Content Locking \u003c 2.6.7 - Authenticated Blind SQL Injections",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24484",
          "STATE": "PUBLIC",
          "TITLE": "Secure Copy Content Protection and Content Locking \u003c 2.6.7 - Authenticated Blind SQL Injections"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Secure Copy Content Protection and Content Locking",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.6.7",
                            "version_value": "2.6.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ays Pro"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "To Quang Duong"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/9ce0153d-4a8b-4215-b6b6-15ca68c4f52c",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/9ce0153d-4a8b-4215-b6b6-15ca68c4f52c"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24484",
    "datePublished": "2021-08-02T10:32:23",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:35:19.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted