CVE-2022-2840
N/A
N/A
Summary
The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Zephyr Project Manager | 3.2.5 < 3.2.5 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c
- http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html
References
- https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c
- http://packetstormsecurity.com/files/168652/WordPress-Zephyr-Project-Manager-3.2.42-SQL-Injection.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.