Search criteria
2 vulnerabilities found for Email Before Download by Unknown
CVE-2021-24748 (GCVE-0-2021-24748)
Vulnerability from nvd – Published: 2021-11-29 08:25 – Updated: 2024-08-03 19:42
VLAI?
Title
Email Before Download < 6.8 - Admin+ SQL Injection
Summary
The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Email Before Download |
Affected:
6.8 , < 6.8
(custom)
|
Credits
bl4derunner
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a8625b84-337d-4c4d-a698-73e59d1f8ee1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Email Before Download",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8",
"status": "affected",
"version": "6.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "bl4derunner"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-29T08:25:31",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a8625b84-337d-4c4d-a698-73e59d1f8ee1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Email Before Download \u003c 6.8 - Admin+ SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24748",
"STATE": "PUBLIC",
"TITLE": "Email Before Download \u003c 6.8 - Admin+ SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Email Before Download",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.8",
"version_value": "6.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "bl4derunner"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a8625b84-337d-4c4d-a698-73e59d1f8ee1",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a8625b84-337d-4c4d-a698-73e59d1f8ee1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24748",
"datePublished": "2021-11-29T08:25:31",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:16.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24748 (GCVE-0-2021-24748)
Vulnerability from cvelistv5 – Published: 2021-11-29 08:25 – Updated: 2024-08-03 19:42
VLAI?
Title
Email Before Download < 6.8 - Admin+ SQL Injection
Summary
The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Email Before Download |
Affected:
6.8 , < 6.8
(custom)
|
Credits
bl4derunner
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a8625b84-337d-4c4d-a698-73e59d1f8ee1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Email Before Download",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8",
"status": "affected",
"version": "6.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "bl4derunner"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-29T08:25:31",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a8625b84-337d-4c4d-a698-73e59d1f8ee1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Email Before Download \u003c 6.8 - Admin+ SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24748",
"STATE": "PUBLIC",
"TITLE": "Email Before Download \u003c 6.8 - Admin+ SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Email Before Download",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.8",
"version_value": "6.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "bl4derunner"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a8625b84-337d-4c4d-a698-73e59d1f8ee1",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a8625b84-337d-4c4d-a698-73e59d1f8ee1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24748",
"datePublished": "2021-11-29T08:25:31",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:16.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}