CVE-2022-1691
N/A
N/A
Summary
The Realty Workstation WordPress plugin before 1.0.15 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Realty Workstation | 1.0.15 < 1.0.15 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/f9363b4c-c434-4f15-93f8-46162d2d7049
- https://bulletin.iese.de/post/realty-workstation_1-0-6
References
- https://wpscan.com/vulnerability/f9363b4c-c434-4f15-93f8-46162d2d7049
- https://bulletin.iese.de/post/realty-workstation_1-0-6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.