
CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 9

28 Feb 2022 — The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user-supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection. • https://github.com/destr4ct/CVE-2022-0739 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')