
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Oct 2024 — The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. The SEUR Oficial plugin for WordPress is vulnerable to SQL Injection via the 'id_order' parameter of the '/modules/seur/ajax/saveCodFee.php' file in all versions up to, and including, 2.2.10.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak... • https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-seur-plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')