CVSS: 10.0 • EPSS: 53% • CPEs: 1 • EXPL: 5

CVE-2024-5522 – HTML5 Video Player < 2.5.27 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2024-5522
30 May 2024 — The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. The HTML5 Video Player – Best WordPress Video Player Plugin and B... • https://github.com/truonghuuphuc/CVE-2024-5522-Poc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')