Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2021-24625

Disclosure Date: November 08, 2021 (last updated February 23, 2025)
The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0