CVE-2021-24285 Scanner
Detects a SQL injection vulnerability in Car Seller Auto Classifieds Script, affecting versions through 2.1.0.
Short Info
Level: Critical
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4
Parent Category
CVE-2021-24285 Scanner Detail
Car Seller Auto Classifieds Script is a WordPress plugin that enables site owners to create a platform where they can sell automobiles. The plugin is designed to be user-friendly, intuitive, and easy to use. It comes with a range of features, including the ability to create custom categories, add custom fields, and set up a search filter.
Unfortunately, the plugin has been found to contain a critical vulnerability. CVE-2021-24285 is a SQL injection vulnerability in the plugin's request_list_request AJAX call. The call is available to both authenticated and unauthenticated users, and the flaw arises because the plugin does not validate, sanitize or escape the order_id POST parameter before using it in a SQL statement.
When exploited, this vulnerability allows an attacker to execute arbitrary SQL queries, which can lead to data leakage, data manipulation, and full system compromise. An attacker can steal sensitive information, compromise user accounts, and even take control of the entire WordPress installation.
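For site owners and plugin developers reviewing similar handlers, the following added example (not the plugin's own code) shows how a WordPress AJAX handler can validate, sanitize and bind order_id before it reaches the database. Only the request_list_request action name and the order_id parameter come from the description above; the function name, table and columns are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. The function name, table name
// and column names are hypothetical; only the action name and the order_id
// parameter come from the vulnerability description.

// WordPress dispatches admin-ajax.php requests to wp_ajax_{action} for
// logged-in users and wp_ajax_nopriv_{action} for logged-out visitors,
// which is why the call is reachable in both contexts.
add_action( 'wp_ajax_request_list_request', 'example_request_list_request' );
add_action( 'wp_ajax_nopriv_request_list_request', 'example_request_list_request' );

function example_request_list_request() {
    global $wpdb;

    // Unsafe pattern described above: the raw POST value is concatenated
    // into the statement, so its content becomes part of the SQL text.
    //   $sql = "SELECT ... WHERE order_id = " . $_POST['order_id'];

    // 1. Validate: the parameter must be present, a scalar string, and
    //    consist of digits only. Arrays and empty values are rejected.
    $raw = isset( $_POST['order_id'] ) ? wp_unslash( $_POST['order_id'] ) : '';
    if ( ! is_string( $raw ) || ! ctype_digit( $raw ) ) {
        // wp_send_json_error() sends the response and terminates the request.
        wp_send_json_error( array( 'message' => 'Invalid order_id' ), 400 );
    }

    // 2. Sanitize: reduce the value to a non-negative integer.
    $order_id = absint( $raw );

    // 3. Bind: pass the value through a %d placeholder so it is never
    //    interpreted as SQL syntax, whatever it contains.
    $table = $wpdb->prefix . 'example_requests'; // hypothetical table
    $rows  = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, order_id, created_at FROM {$table} WHERE order_id = %d",
            $order_id
        ),
        ARRAY_A
    );

    wp_send_json_success( $rows );
}
```

When auditing a plugin, any $wpdb query built from $_POST, $_GET or $_REQUEST values without $wpdb->prepare() deserves the same treatment.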
At SecurityForEveryone.com, we provide users with the tools they need to stay on top of their website's security. With our pro features, users can quickly and easily learn about vulnerabilities in their digital assets. We offer comprehensive vulnerability scanning and reporting to help our clients stay ahead of the game. With SecurityForEveryone.com, you can be confident that your website is secure and protected from malicious attacks.