QwikSec

Security Database

CVE

CWE

Training

CVE-2018-1000131

Published: Mar 14, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appear to be exploitable via web site, without login. This vulnerability appears to have been fixed in 9.0.3 and later.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wpvulndb.com/vulnerabilities/9041

x_refsource_MISC

https://github.com/00theway/exp/blob/master/wordpress/wpsupportplus.md

x_refsource_MISC

https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.