CVE-2020-24315

Published: Aug 26, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/

x_refsource_MISC

https://wordpress.org/plugins/cardoza-wordpress-poll/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-24315

Description

Affected Products

References